High Vulnerabilities

Columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- after_effects
Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
Published: 2021-11-18 | CVE-2021-40759 | Source: MISC

adobe -- after_effects
Adobe After Effects version 18.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
Published: 2021-11-18 | CVE-2021-40752 | Source: MISC

adobe -- after_effects
Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
Published: 2021-11-18 | CVE-2021-40760 | Source: MISC

adobe -- after_effects
Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
Published: 2021-11-18 | CVE-2021-40758 | Source: MISC

adobe -- after_effects
Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
Published: 2021-11-18 | CVE-2021-40757 | Source: MISC

adobe -- after_effects
Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SGI file in the DoReadContinue function, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
Published: 2021-11-18 | CVE-2021-40755 | Source: MISC

adobe -- after_effects
Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
Published: 2021-11-18 | CVE-2021-40753 | Source: MISC

adobe -- after_effects
Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
Published: 2021-11-18 | CVE-2021-40754 | Source: MISC

adobe -- after_effects
Adobe After Effects version 18.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
Published: 2021-11-18 | CVE-2021-40751 | Source: MISC








adobe -- animate
Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
Published: 2021-11-18 | CVE-2021-40733 | Source: MISC

adobe -- animate
Adobe Animate version 21.0.9 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file.
Published: 2021-11-18 | CVE-2021-42271 | Source: MISC

adobe -- animate
Adobe Animate version 21.0.9 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file.
Published: 2021-11-18 | CVE-2021-42524 | Source: MISC

adobe -- animate
Adobe Animate version 21.0.9 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file.
Published: 2021-11-18 | CVE-2021-42272 | Source: MISC

adobe -- animate
Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious FLA file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
Published: 2021-11-18 | CVE-2021-42266 | Source: MISC

adobe -- animate
Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious FLA file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
Published: 2021-11-18 | CVE-2021-42267 | Source: MISC

adobe -- animate
Adobe Animate version 21.0.9 (and earlier) is affected by a use-after-free vulnerability in the processing of a malformed FLA file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2021-11-18 | CVE-2021-42269 | Source: MISC

adobe -- animate
Adobe Animate version 21.0.9 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file.
Published: 2021-11-18 | CVE-2021-42270 | Source: MISC

adobe -- indesign
Adobe InDesign version 16.4 (and earlier) is affected by a buffer overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2021-11-16 | CVE-2021-42731 | Source: MISC

adobe -- media_encoder
Adobe Media Encoder version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
Published: 2021-11-16 | CVE-2021-42721 | Source: MISC

adobe -- media_encoder
Adobe Media Encoder version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
Published: 2021-11-16 | CVE-2021-42726 | Source: MISC

[entry head missing in source] ... vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Source: MISC

adobe -- media_encoder
Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2021-11-16 | CVSS: 9.3 | CVE-2021-43013 | Source: MISC

adobe -- prelude
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
Published: 2021-11-16 | CVSS: 9.3 | CVE-2021-43011 | Source: MISC

adobe -- prelude
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
Published: 2021-11-16 | CVSS: 9.3 | CVE-2021-43012 | Source: MISC

adobe -- premiere_pro
Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
Published: 2021-11-16 | CVSS: 9.3 | CVE-2021-42723 | Source: MISC

amd -- epyc_7003_firmware
Improper input and range checking in the Platform Security Processor (PSP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation, potentially resulting in arbitrary code execution.
Published: 2021-11-16 | CVE-2021-26335 | Source: MISC

amd -- epyc_7003_firmware
AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries, leading to arbitrary code execution.
Published: 2021-11-16 | CVSS: 7.2 | CVE-2021-26331 | Source: MISC

amd -- epyc_7232p_firmware
Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss of memory integrity.
Published: 2021-11-16 | CVE-2021-26326 | Source: MISC

amd -- epyc_7f72_firmware
Improper access controls in the System Management Unit (SMU) may allow an attacker to override performance control tables located in DRAM, resulting in a potential lack of system resources.
Published: 2021-11-16 | CVSS: 7.8 | CVE-2021-26338 | Source: MISC

amd -- radeon_software
An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system.
Published: 2021-11-15 | CVSS: 7.2 | CVE-2020-12963 | Source: MISC

apache -- ozone
In Apache Ozone versions prior to 1.2.0, initially generated block tokens are persisted to the metadata database and can be retrieved by authenticated users with permission to the key. Authenticated users may use them even after access is revoked.
Published: 2021-11-19 | CVSS: 7.5 | CVE: [not legible in source] | Source: MLIST

apache -- shenyu
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0.
Published: 2021-11-16 | CVSS: 7.5 | CVE: [not legible in source] | Source: MLIST

broadcom -- emulex_hba_manager
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated.
Published: 2021-11-12 | CVE: [not legible in source] | Source: MISC, CONFIRM

canonical -- accountsservice
Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3 and 0.6.55-0ubuntu14.1.
Published: 2021-11-17 | CVSS: 7.2 | CVE-2021-3939 | Source: MISC, MISC

darwin -- factor
Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30 does not properly invalidate a user's session after the user logs out of the application. In addition, user sessions are stored in the browser's local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, followed by a local account takeover.
Published: 2021-11-16 | CVSS: 7.5 | CVE-2021-25985 | Source: MISC, MISC

dell -- alienware_13_r3_firmware
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this [description truncated in source]
Published: 2021-11-12 | CVSS: 7.2 | CVE-2021-36325

dell -- emc_powerscale_nodes_a100_firmware
Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and, for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.
Published: 2021-11-12 | CVE-2021-36315 | Source: MISC

extremenetworks -- aerohive_netconfig
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.
Published: 2021-11-14 | CVE-2020-16152 | Source: MISC, MISC

facade -- ignition
The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Laravel has a "fix variable names" feature that can lead to incorrect access control.
Published: 2021-11-17 | CVE-2021-43996 | Source: MISC, MISC, MISC

fluxcd -- kustomize-controller
kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects could execute commands inside the kustomize-controller container by embedding a shell script in a Kubernetes Secret. This can be used to run 'kubectl' commands under the Service Account of kustomize-controller, thus allowing an authenticated Kubernetes user to gain cluster admin privileges. In affected versions, multitenant environments where non-admin users have permissions to create Flux Kustomization objects are affected by this issue. This vulnerability was fixed in kustomize-controller v0.15.0 (included in flux2 v0.18.0) released on 2021-10-08. Starting with v0.15, the kustomize-controller no longer executes shell commands on the container OS and the 'kubectl' binary has been removed from the container image. To prevent the creation of Kubernetes Service Accounts with 'secrets' in namespaces owned by tenants, a Kubernetes validation webhook such as Gatekeeper OPA or Kyverno can be used.
Published: 2021-11-12 | CVE-2021-41254 | Source: CONFIRM

google -- android
In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05664273; Issue ID: ALPS05664273.
Published: 2021-11-18 | CVE-2021-0671 | Source: MISC

google -- android
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05654663; Issue ID: ALPS05654663.
Published: 2021-11-18 | CVE-2021-0670 | Source: MISC

google -- android
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05681550; Issue ID: ALPS05681550.
Published: 2021-11-18 | CVE-2021-0669 | Source: MISC

google -- android
In apusys, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670521; Issue ID: ALPS05670521.
Published: 2021-11-18 | CVE-2021-0668 | Source: MISC

google -- android
In the mdlactl driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05776625; Issue ID: ALPS05776625.
Published: 2021-11-18 | CVE-2021-0629 | Source: MISC

ibm -- system_x3550_m3_firmware
A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session.
Published: 2021-11-12 | CVE-2021-3723 | Source: CONFIRM

intel -- nuc_hdmi_firmware_update_tool
Incorrect default permissions in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: 2021-11-17 | CVE-2021-33090 | Source: MISC

intel -- nuc_m15_laptop_kit_audio_driver_pack
Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit audio driver pack before version 1.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: 2021-11-17 | CVE-2021-33091 | Source: MISC

intel -- nuc_m15_laptop_kit_hid_event_filter_driver_pack
Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit HID Event Filter driver pack before version [not legible in source] may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: 2021-11-17 | CVSS: 7.2 | CVE-2021-33092 | Source: MISC

intel -- nuc_m15_laptop_kit_integrated_sensor_hub_driver_pack
Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub driver pack before version [not legible in source] may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: 2021-11-17 | CVSS: 7.2 | CVE-2021-33088 | Source: MISC

intel -- nuc_m15_laptop_kit_keyboard_led_service_driver_pack
Unquoted search path in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version [not legible in source] may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: 2021-11-17 | CVSS: 7.2 | CVE-2021-33095 | Source: MISC

intel -- nuc_m15_laptop_kit_keyboard_led_service_driver_pack
Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version [not legible in source] may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: 2021-11-17 | CVSS: 7.2 | CVE-2021-33094 | Source: MISC

intel -- nuc_m15_laptop_kit_serial_io_driver_pack
Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Serial IO driver pack before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: 2021-11-17 | CVSS: 7.2 | CVE-2021-33093 | Source: MISC

ipack -- scada_automation
Due to improper sanitization, iPack SCADA Automation software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with web access is able to extract critical information from the system.
Published: 2021-11-15 | CVSS: 7.5 | CVE-2021-3958 | Source: MISC

jamf -- jamf
The server in Jamf Pro before 10.32.0 has a vulnerability affecting integrity and availability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability.
Published: 2021-11-12 | CVE-2021-39303 | Source: MISC, CONFIRM

json-schema_project -- json-schema
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').
Published: 2021-11-13 | CVSS: 7.5 | CVE: [not legible in source] | Source: CONFIRM

laravel -- framework
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.
Published: 2021-11-14 | CVSS: 7.5 | CVE: [not legible in source] | Source: MISC, MISC
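As an added example in Python (not Laravel's code), the difference between the denylist-style check this entry describes and an allowlist: a denylist of PHP extensions that forgets `.phar` accepts `avatar.phar`, which Debian-based Apache setups execute as PHP, whereas an allowlist of image extensions applied to every extension in the name rejects it, along with double-extension names such as `shell.php.jpg`. The extension sets are constructed for the example. Extension checks are one layer only: uploaded files should also be stored outside the web root under a server-chosen name and never be executable there.

```python
import os

# Constructed denylist of the kind the entry describes: it stops .php but forgets .phar
PHP_DENYLIST = {"php", "phtml", "php3", "php4", "php5", "php7", "phps"}
# Constructed allowlist for an image-upload endpoint
IMAGE_ALLOWLIST = {"jpg", "jpeg", "png", "gif", "webp"}


def extensions(filename: str) -> list:
    """All extensions of a name, lowercased, ignoring any directory part and trailing dots/spaces.

    'dir/a.PHP.jpg' -> ['php', 'jpg']; 'avatar.phar.' -> ['phar']; 'README' -> [].
    """
    base = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    return [part.lower() for part in base.split(".")[1:]]


def denylist_accepts(filename: str) -> bool:
    """Weak check: reject only if the final extension is on the PHP denylist."""
    exts = extensions(filename)
    return bool(exts) and exts[-1] not in PHP_DENYLIST


def allowlist_accepts(filename: str) -> bool:
    """Stronger check: every extension in the name must be an image extension."""
    exts = extensions(filename)
    return bool(exts) and all(ext in IMAGE_ALLOWLIST for ext in exts)


if __name__ == "__main__":
    for name in ("photo.JPG", "avatar.phar", "shell.php", "shell.php.jpg", "x.phar."):
        print(f"{name:16} denylist={denylist_accepts(name)!s:5} allowlist={allowlist_accepts(name)}")
```

The denylist passes `avatar.phar` and `x.phar.` (the trailing dot is stripped by many filesystems), which is exactly the gap the entry describes; the allowlist passes only names whose every extension is an image type.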

lenovo -- thinkcentre_e93_firmware
A potential vulnerability in the SMI callback function that saves and restores boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Published: 2021-11-12 | CVSS: 7.2 | CVE-2021-3719 | Source: CONFIRM

meddata -- hbys
Due to improper sanitization, MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with web access is able to extract critical information from the system.
Published: 2021-11-16 | CVSS: 7.5 | CVE-2021-43362 | Source: CONFIRM

meddata -- hbys
Due to improper sanitization, MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with web access is able to extract critical information from the system.
Published: 2021-11-16 | CVSS: 7.5 | CVE-2021-43361 | Source: CONFIRM

montala -- resourcespace
A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server.
Published: 2021-11-15 | CVSS: 7.5 | CVE: [not legible in source] | Source: MISC

netgear -- ex3700_firmware
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110.
Published: 2021-11-15 | CVSS: 8.3 | CVE-2021-34991 | Source: MISC, MISC

nim-lang -- nim
Nim is a systems programming language with a focus on efficiency, expressiveness, and elegance. In affected versions the uri.parseUri function, which may be used to validate URIs, accepts null bytes in the input URI. This behavior could be used to bypass URI validation. For example: parseUri("http://localhost\0hello").hostname is set to "localhost\0hello". Additionally, httpclient.getContent accepts null bytes in the input URL and ignores any data after the first null byte. Example: getContent("http://localhost\0hello") makes a request to localhost:80. An attacker can use null bytes to bypass the check and mount an SSRF attack.
Published: 2021-11-12 | CVE-2021-41259 | Source: CONFIRM
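The null-byte bypass this entry describes, as an added Python illustration rather than Nim code: Python's `urlsplit` keeps the NUL inside the hostname, so a denylist lookup on that hostname passes, while a downstream client that stops at the first NUL (the `as_c_string` helper is a constructed stand-in for that behaviour) connects to `localhost`. The hardened check rejects any C0 control character before parsing, which closes the gap regardless of what the client does. The denylist is constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed SSRF denylist: hosts an outbound-fetch feature must never reach
BLOCKED_HOSTS = {"localhost", "127.0.0.1", "169.254.169.254"}


def as_c_string(s: str) -> str:
    """Stand-in for a consumer that stops at the first NUL (C-string semantics)."""
    return s.split("\x00", 1)[0]


def naive_allows(url: str) -> bool:
    """Denylist check on the hostname as the validator parses it: the NUL stays in the name."""
    host = urlsplit(url).hostname or ""
    return host not in BLOCKED_HOSTS


def effective_host(url: str) -> str:
    """Host a NUL-truncating client would actually connect to."""
    return urlsplit(as_c_string(url)).hostname or ""


def hardened_allows(url: str) -> bool:
    """Reject control characters outright, then apply the denylist to the parsed host."""
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        return False
    host = urlsplit(url).hostname or ""
    return host not in BLOCKED_HOSTS


if __name__ == "__main__":
    evil = "http://localhost\x00hello/admin"
    print("validator sees host:", repr(urlsplit(evil).hostname))
    print("naive check allows:", naive_allows(evil))
    print("client connects to:", effective_host(evil))
    print("hardened check allows:", hardened_allows(evil))
```

The validator and the client disagree about where the hostname ends; rejecting the control character removes the disagreement instead of trying to predict which side truncates.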

npmjs -- npm
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json.
Published: 2021-11-13 | CVE-2021-43616 | Source: MISC, MISC, MISC
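As an added Python check, not npm's own code: lockfile v2 and v3 record the root manifest's declared dependency specs under `packages[""]`, so a `package-lock.json` generated from a different `package.json` can be caught before `npm ci` runs by comparing the two. The sample manifest and lockfile are constructed; the manifest pins `lodash` exactly while the lock was generated for `^4.17.0` and omits `left-pad` entirely.

```python
import json

SECTIONS = ("dependencies", "devDependencies", "optionalDependencies", "peerDependencies")


def lock_mismatches(package_json: dict, lock: dict) -> list:
    """Return (section, name, declared_in_manifest, recorded_in_lock) for every disagreement.

    Lockfile v2/v3 store the root package's own dependency specs under packages[""], so a
    lock produced from a different package.json shows up as a differing or missing spec.
    """
    if lock.get("lockfileVersion", 1) < 2:
        raise ValueError("only lockfileVersion 2 and 3 record the root manifest specs")
    root = lock.get("packages", {}).get("", {})
    out = []
    for section in SECTIONS:
        declared = package_json.get(section) or {}
        recorded = root.get(section) or {}
        for name in sorted(set(declared) | set(recorded)):
            if declared.get(name) != recorded.get(name):
                out.append((section, name, declared.get(name), recorded.get(name)))
    return out


def check_files(package_json_text: str, lock_text: str) -> list:
    """Same check starting from the two files' contents."""
    return lock_mismatches(json.loads(package_json_text), json.loads(lock_text))


# Constructed sample: manifest pins lodash exactly and adds left-pad; the lock predates both
MANIFEST = json.dumps({
    "name": "demo", "version": "1.0.0",
    "dependencies": {"lodash": "4.17.21", "left-pad": "1.3.0"},
})
LOCK = json.dumps({
    "name": "demo", "lockfileVersion": 2,
    "packages": {
        "": {"dependencies": {"lodash": "^4.17.0"}},
        "node_modules/lodash": {"version": "4.17.15"},
    },
})

if __name__ == "__main__":
    problems = check_files(MANIFEST, LOCK)
    for section, name, declared, recorded in problems:
        print(f"{section}/{name}: package.json says {declared!r}, lock records {recorded!r}")
    raise SystemExit(1 if problems else 0)
```

Run it as a CI step before `npm ci`; a non-zero exit means the lockfile was not generated from the manifest being installed, which is the condition the fixed npm versions refuse to install under.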

online_learning_system_project -- online_learning_system
Sourcecodester Online Learning System 2.0 is vulnerable to SQL injection authentication bypass in the admin login file (/admin/login.php) and to authenticated file upload in the Master.php file; these two vulnerabilities can be chained to obtain unauthenticated remote command execution.
Published: 2021-11-15 | CVE-2021-42580 | Source: MISC, MISC

opendesign -- oda_viewer
An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA Viewer sample before 2022.11. ODA Viewer continues to process invalid or malicious DWF files instead of stopping upon an exception. An attacker can leverage this vulnerability to execute code in the context of the current process.
Published: 2021-11-14 | CVE-2021-43272 | Source: MISC

openzeppelin -- contracts
OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. For users unable to upgrade: initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided in the forum (https://forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301).
Published: 2021-11-12 | CVE-2021-41264 | Source: MISC, CONFIRM, MISC
qnap -- multimedia_console
A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Multimedia Console. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Multimedia Console: Multimedia Console 1.4.3 (2021/10/05) and later; Multimedia Console 1.5.3 (2021/10/05) and later.
Published: 2021-11-13 | CVE-2021-38684 | Source: MISC

qualcomm -- apq8009_firmware
Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.
Published: 2021-11-12 | CVE-2021-30255 | Source: CONFIRM

qualcomm -- apq8009_firmware
Possible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.
Published: 2021-11-12 | CVE-2021-30254 | Source: CONFIRM

qualcomm -- apq8009_firmware
Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables.
Published: 2021-11-12 | CVE-2021-1975 | Source: CONFIRM

qualcomm -- apq8009_firmware
An FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.
Published: 2021-11-12 | CVE-2021-1973 | Source: CONFIRM

qualcomm -- aqt1000_firmware
Possible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile.
Published: 2021-11-12 | CVE-2021-1979 | Source: CONFIRM

qualcomm -- aqt1000_firmware
Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.
Published: 2021-11-12 | CVE-2021-30259 | Source: CONFIRM

qualcomm -- aqt1000_firmware
Possible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile.
Published: 2021-11-12 | CVE-2021-1912 | Source: CONFIRM

qualcomm -- aqt1000_firmware
Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity.
Published: 2021-11-12 | CVE-2021-30321 | Source: CONFIRM
recruitment_management_system_project -- recruitment_management_system
The id parameter of the view_vacancy page (e.g. id=2) in the Company's Recruitment Management System appears to be vulnerable to SQL injection. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were each submitted in the id parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
Published: 2021-11-17 | CVE-2021-41931 | Source: MISC
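The two probes quoted in this entry are a boolean-based blind test: if an always-true and an always-false clause produce different responses, the parameter reaches the query as SQL. This added Python example (not the application's code) runs both probes against a constructed SQLite table through a string-built query of the kind this entry, and the iPack SCADA, MedData HBYS, ResourceSpace and Sourcecodester entries above, describe, then against the same query with a bound parameter, where the probes are plain values and the responses no longer differ.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for the application's vacancy table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE vacancy (id INTEGER PRIMARY KEY, title TEXT)")
    con.executemany("INSERT INTO vacancy VALUES (?, ?)",
                    [(1, "Analyst"), (2, "Engineer"), (3, "Manager")])
    return con


def vulnerable_view(con: sqlite3.Connection, id_param: str) -> list:
    """String-built query of the kind the entry describes: the parameter lands inside the SQL."""
    sql = f"SELECT title FROM vacancy WHERE id = '{id_param}'"
    return [row[0] for row in con.execute(sql)]


def safe_view(con: sqlite3.Connection, id_param: str) -> list:
    """Same query with a bound parameter: the payload is only ever a value, never SQL."""
    return [row[0] for row in con.execute("SELECT title FROM vacancy WHERE id = ?", (id_param,))]


# The two probes quoted in the entry: one always-true clause, one always-false clause
TRUE_PAYLOAD = "19424269' or '1309'='1309"
FALSE_PAYLOAD = "39476597' or '2917'='2923"


def boolean_probe(view, con: sqlite3.Connection) -> bool:
    """Blind SQLi check: the parameter is injectable if the two probes yield different responses."""
    return view(con, TRUE_PAYLOAD) != view(con, FALSE_PAYLOAD)


if __name__ == "__main__":
    con = make_db()
    print("string-built query injectable:", boolean_probe(vulnerable_view, con))
    print("  true probe returned:", vulnerable_view(con, TRUE_PAYLOAD))
    print("  false probe returned:", vulnerable_view(con, FALSE_PAYLOAD))
    print("parameterised query injectable:", boolean_probe(safe_view, con))
```

The true probe dumps every row from the string-built query (the `or '1309'='1309'` clause is true for each row), the false probe returns nothing, and the parameterised query returns an empty result for both because neither string is a vacancy id.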








samsung -- ddr4_sdram_firmware 


Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a 
vulnerability in their internal Target Row Refresh (TRR) mitigation 
against Rowhammer attacks. Novel non-uniform Rowhammer 
access patterns, consisting of aggressors with different 
frequencies, phases, and amplitudes allow triggering bit flips on 
affected memory modules using our Blacksmith fuzzer. The 
patterns generated by Blacksmith were able to trigger bitflips on 
all 40 PC-DDR4 DRAM devices in our test pool, which cover the 
three major DRAM manufacturers: Samsung, SK Hynix, and 
Micron. This means that, even when chips advertised as 
Rowhammer-free are used, attackers may still be able to exploit 
Rowhammer. For example, this enables privilege-escalation 
attacks against the kernel or binaries such as the sudo binary, and 
also triggering bit flips in RSA-2048 keys (e.g., SSH keys) to gain 
cross-tenant virtual-machine access. We can confirm that DRAM 
devices acquired in July 2020 with DRAM chips from all three 
major DRAM vendors (Samsung, SK Hynix, Micron) are affected 
by this vulnerability. For more details, please refer to our 
publication. 


2021-11-16 


CVE-2021-42114 
MISC 

MISC 

CONFIRM 








smartertools -- smartermail 


SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 
allows remote code execution. 


2021-11-17 


CVE-2021-32234 
MISC 
MISC 








tibco -- partnerexpress 


The Interior Server and Gateway Server components of TIBCO 
Software Inc.'s TIBCO PartnerExpress contain easily exploitable 
Stored and Reflected Cross Site Scripting (XSS) vulnerabilities 
that allow a low privileged attacker to social engineer a legitimate 
user with network access to execute scripts targeting the affected 
system or the victim's local system. A successful attack using this 
vulnerability requires human interaction from a person other than 
the attacker. Affected releases are TIBCO Software Inc.'s TIBCO 
PartnerExpress: versions 6.2.1 and below. 


2021-11-16 


CVE-2021-43047 
CONFIRM 
CONFIRM 








tibco -- partnerexpress
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain session tokens for the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.
Published 2021-11-16 | CVE-2021-43046 | CONFIRM, CONFIRM

tibco -- partnerexpress
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.
Published 2021-11-16 | CVE-2021-43048 | CONFIRM, CONFIRM

tp-link -- tl-wr840n_firmware
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
Published 2021-11-13 | CVE-2021-41653 | MISC, MISC, MISC
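The TP-Link entry above is the classic shape of an OS command injection: a diagnostic page hands the text of an IP address field to the system ping command. The Python below is an added illustration of that bug class beside a hardened handler; it is not TP-Link firmware code (the router's actual handler is not reproduced here), and the function names and the sample payload are constructed for the example.

```python
import ipaddress
import subprocess


def build_shell_command_vulnerable(target: str) -> str:
    """The bug class: untrusted text pasted into a shell command line.

    Anything the shell treats specially in `target` (';', '|', '`', '$(')
    becomes part of the command, so "1.1.1.1; cat /etc/passwd" runs two
    commands. This only returns the string; it is never executed here.
    """
    return "ping -c 1 " + target


def validate_target(target: str) -> str:
    """Return the canonical IP literal or raise ValueError.

    ipaddress.ip_address() accepts nothing but a single IPv4/IPv6 literal,
    so shell metacharacters, whitespace, hostnames and URL fragments are all
    rejected before any process is spawned.
    """
    return str(ipaddress.ip_address(target.strip()))


def build_argv_safe(target: str) -> list:
    """The fix: validate, then pass the target as one argv element."""
    return ["ping", "-c", "1", validate_target(target)]


def is_injection_attempt(target: str) -> bool:
    """True if the hardened handler would refuse this input."""
    try:
        validate_target(target)
    except ValueError:
        return True
    return False


def run_ping(target: str, timeout: float = 5.0) -> int:
    """Execute the hardened command without a shell; returns the exit code.

    shell=False (the default) hands argv straight to execve(), so no shell
    ever parses the target string.
    """
    proc = subprocess.run(build_argv_safe(target), capture_output=True, timeout=timeout)
    return proc.returncode


if __name__ == "__main__":
    payload = "127.0.0.1; cat /etc/passwd"  # constructed sample payload
    print("vulnerable would run:", build_shell_command_vulnerable(payload))
    print("hardened rejects it: ", is_injection_attempt(payload))
    print("hardened argv:       ", build_argv_safe("127.0.0.1"))
```

The important design point is that the fix is not a blacklist of characters: the input is parsed as the type it claims to be (an IP address) and then passed as a discrete argument, so there is no shell for a payload to talk to.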














Vulnerability Summary for the Week of November 15, 2021 (https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2fd6a45, printed 11/23/21, 9:32 AM)

vice -- webopac
Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user's permission, remote attackers can upload malicious script and execute arbitrary code to control the system or interrupt services.
CVE-2021-42839 | MISC

zohocorp -- manageengine_remote_access_plus
Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account.
Published 2021-11-17

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

adobe -- after_effects
Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published 2021-11-18 | CVE-2021-40761 | MISC

adobe -- after_effects
Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published 2021-11-18 | CVE-2021-40756 | MISC

adobe -- animate
Adobe Animate version 21.0.9 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published 2021-11-18 | CVE-2021-42525 | MISC

adobe -- animate
Adobe Animate version 21.0.9 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted FLA file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published 2021-11-18 | CVE-2021-42268 | MISC

adobe -- campaign
Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server.
Published 2021-11-17 | CVE-2021-40745 | MISC

adobe -- experience_manager
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by an improper access control vulnerability that leads to a security feature bypass. By manipulating referer headers, an unauthenticated attacker could gain access to arbitrary pages that they are not authorized to access.
Published 2021-11-16 | CVE-2021-42725 | MISC

advantech -- webaccess_hmi_designer
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/HMI Designer.
Published 2021-11-15 | CVE-2021-42706 | MISC

advantech -- webaccess_hmi_designer
This vulnerability could allow an attacker to send malicious JavaScript code resulting in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser actions.
Published 2021-11-15 | CVE-2021-42703 | MISC

aifu -- cashier_accounting_management_system
The permission control of AIFU cashier management salary query function can be bypassed, thus after obtaining general user's permission, the remote attacker can access account information except passwords by crafting URL parameters.
Published 2021-11-16 | CVE-2021-42337 | MISC

alquistai -- alquist
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
Published 2021-11-15 | CVE-2021-43495 | MISC

alquistai -- alquist
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
Published 2021-11-12 | CVE-2021-43492 | MISC

amd -- epyc_7003_firmware
When the AMD Platform Security Processor (PSP) boot ROM loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of the decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used.
Published 2021-11-16 | CVSS 4.6 | CVE-2021-26315 | MISC

amd -- epyc_7003_firmware
Race condition in PSP FW could allow less privileged x86 code to perform PSP SMM operations.
Published 2021-11-16 | CVSS 4.4 | CVE-2020-12951 | MISC

amd -- epyc_7003_firmware
Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components.
CVE-2021-26336 | MISC

amd -- epyc_7003_firmware
A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections.
CVSS 4.6 | CVE-2020-12961 | MISC

amd -- epyc_7232p_firmware
Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity.
CVSS 4.6 | CVE-2021-26323 | MISC

amd -- epyc_firmware
Insufficient validation of BIOS image length by PSP Firmware could lead to arbitrary code execution.
CVSS 4.6 | CVE-2020-12944 | MISC

amd -- epyc_7601_firmware
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.
Published 2021-11-16 | CVSS 4.9 | CVE-2021-26321 | MISC

amd -- epyc_7601_firmware
Persistent platform private key may not be protected with a random IV leading to a potential "two time pad attack".
CVE-2021-26322 | MISC
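The entry above (CVE-2021-26322) names a "two time pad": when a stream or counter-mode cipher is run twice with the same key and the same IV, the two ciphertexts XOR to the XOR of the two plaintexts, and knowing one plaintext reveals the other. The Python below is an added demonstration of that attack and of why a fresh random IV prevents it; it is not AMD PSP code, and the SHA-256 counter keystream, the key material and the plaintexts are constructed stand-ins for whatever the firmware actually uses.

```python
import hashlib
import os

# Constructed secrets for the demonstration (not real key material).
PLATFORM_KEY = b"PLATFORM-PRIVATE-KEY-0123456789abcdef"
KNOWN_PLAINTEXT = b"firmware-v1.0.0-build-42-hello-world!!"


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || iv || counter) blocks.

    Stands in for any stream/CTR cipher; the property that matters is that
    the keystream depends only on (key, iv), so reusing both reuses it.
    """
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Stream encryption; decryption is the same call."""
    return xor(plaintext, keystream(key, iv, len(plaintext)))


def recover_with_known_plaintext(ct_known: bytes, pt_known: bytes, ct_target: bytes) -> bytes:
    """Two-time pad: c1 ^ c2 = p1 ^ p2, hence p2 = c1 ^ c2 ^ p1. No key needed.

    Only the overlapping prefix can be recovered, so the result is
    min(len(ct_known), len(ct_target)) bytes long.
    """
    n = min(len(ct_known), len(ct_target))
    return xor(xor(ct_known[:n], ct_target[:n]), pt_known[:n])


def recover_under_fixed_iv() -> bytes:
    """The weakness: one key and a constant IV protect two different
    plaintexts. An attacker who knows one of them recovers the other."""
    key = os.urandom(32)
    fixed_iv = b"\x00" * 16
    ct_secret = encrypt(key, fixed_iv, PLATFORM_KEY)
    ct_known = encrypt(key, fixed_iv, KNOWN_PLAINTEXT)
    return recover_with_known_plaintext(ct_known, KNOWN_PLAINTEXT, ct_secret)


def recover_under_random_iv() -> bytes:
    """The fix: a fresh random IV per encryption gives independent
    keystreams, so the same arithmetic yields noise."""
    key = os.urandom(32)
    ct_secret = encrypt(key, os.urandom(16), PLATFORM_KEY)
    ct_known = encrypt(key, os.urandom(16), KNOWN_PLAINTEXT)
    return recover_with_known_plaintext(ct_known, KNOWN_PLAINTEXT, ct_secret)


if __name__ == "__main__":
    print("fixed IV  ->", recover_under_fixed_iv())
    print("random IV ->", recover_under_random_iv())
```

Note that the attacker never touches the key: the recovery is pure XOR over ciphertexts plus one known plaintext, which is why IV reuse is fatal regardless of how strong the underlying cipher is.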
amd -- epyc_7f72_firmware
Insufficient input validation in PSP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service.
Published 2021-11-16 | CVSS 6.6 | CVE-2020-12946 | MISC

amd -- radeon_software
Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution.
Published 2021-11-19 | CVSS 4.6 | CVE-2020-12929 | MISC

amd -- radeon_software
Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service.
Published 2021-11-15 | CVSS 4.6 | CVE-2020-12903 | MISC

amd -- radeon_software
A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information.
CVSS 4.8 | CVE-2020-12964 | MISC

amd -- radeon_software
Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation.
Published 2021-11-15 | CVSS 4.6 | CVE-2020-12962 | MISC

amd -- radeon_software
An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service.
Published 2021-11-15 | CVSS 4.6 | CVE-2020-12900 | MISC

amd -- radeon_software
Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
CVSS 4.6 | CVE-2020-12898 | MISC

amd -- radeon_software
Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
Published 2021-11-15 | CVSS 4.6 | CVE-2020-12902 | MISC

amd -- radeon_software
Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service.
Published 2021-11-15 | CVSS 4.6 | CVE-2020-12895 | MISC

amd -- radeon_software
An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution.
Published 2021-11-15 | CVSS 4.4 | CVE-2020-12892 | MISC

amd -- radeon_software
Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service.
Published 2021-11-15 | CVSS 4.6 | CVE-2020-12893 | MISC

apache -- ozone
In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.
Published 2021-11-19 | CVSS 6.5 | CVE-2021-39236 | MISC, MLIST

apache -- ozone
In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block.
Published 2021-11-19 | CVSS 4 | MISC, MLIST

apache -- ozone
In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL.
Published 2021-11-19 | CVSS 4.9 | MLIST

apache -- ozone
In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.
Published 2021-11-19 | CVSS 6.4 | CVE-2021-39233 | MISC, MLIST

apache -- ozone
In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins.
Published 2021-11-19 | CVSS 6.5 | CVE-2021-39232 | MISC, MLIST

apache -- ozone
In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.
Published 2021-11-19 | CVSS 5 | CVE-2021-41532 | MISC, MLIST

apache -- ozone
In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.
Published 2021-11-19 | CVSS 6.4 | MLIST

apache -- superset
Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way.
Published 2021-11-12 | CVSS 4 | CVE-2021-41972 | CONFIRM, CONFIRM

apache -- superset
Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.
Published 2021-11-17 | CVSS 4 | CVE-2021-42250 | CONFIRM, MLIST

arangodb -- arangodb
In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user's password is changed by the administrator, the session isn't invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system.
Published 2021-11-16 | CVSS 6 | CVE-2021-25940 | MISC, MISC
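The ArangoDB entry above (CVE-2021-25940) is an instance of insufficient session expiration: the administrator changes a user's password, but the user's existing sessions stay valid. The Python below is an added illustration of one way to get the expected behaviour, not ArangoDB code: every session is stamped with the password generation it was issued under, and a password change bumps the generation so older sessions fail validation. The in-memory store, the user names and the low PBKDF2 iteration count are constructed for the example.

```python
import hashlib
import hmac
import os
import secrets
import time

PBKDF2_ITERATIONS = 10_000  # kept low for the demo; production needs far more


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class SessionStore:
    """In-memory users and sessions.

    Each session records the password generation it was created under and is
    only valid while that generation matches the user's current one, so any
    credential change (self-service or administrative) logs every other
    session out without having to enumerate them.
    """

    def __init__(self, ttl_seconds: int = 3600):
        self.ttl = ttl_seconds
        self.users = {}     # name  -> {"salt", "hash", "generation"}
        self.sessions = {}  # token -> {"user", "generation", "expires"}

    def add_user(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "hash": _hash_password(password, salt), "generation": 0}

    def login(self, name: str, password: str):
        """Return a session token, or None if the credentials are wrong."""
        user = self.users.get(name)
        if user is None or not hmac.compare_digest(_hash_password(password, user["salt"]), user["hash"]):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {
            "user": name,
            "generation": user["generation"],
            "expires": time.time() + self.ttl,
        }
        return token

    def is_valid(self, token: str) -> bool:
        s = self.sessions.get(token)
        if s is None or s["expires"] < time.time():
            return False
        user = self.users.get(s["user"])
        # Generation check: bumped by every password change, so old sessions die.
        return user is not None and s["generation"] == user["generation"]

    def admin_set_password(self, name: str, new_password: str, invalidate_sessions: bool = True) -> None:
        """Administrative reset.

        invalidate_sessions=False reproduces the weakness in the entry above:
        the stored hash changes but every existing session keeps working.
        """
        user = self.users[name]
        user["salt"] = os.urandom(16)
        user["hash"] = _hash_password(new_password, user["salt"])
        if invalidate_sessions:
            user["generation"] += 1
```

Storing a generation counter on the user rather than deleting sessions by user name has a practical advantage: it also covers sessions held in other replicas or caches that the password-change code path cannot see.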
area17 -- twill
twill is vulnerable to Cross-Site Request Forgery (CSRF).
Published 2021-11-13 | CVSS 4.3 | CVE-2021-3932 | CONFIRM, MISC

asus -- gt-axe11000_firmware
ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability; an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.
Published 2021-11-12 | CVSS 5 | CVE-2021-37910 | MISC

atmail -- atmail
** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Published 2021-11-15 | CVSS 4.3 | CVE-2021-43574 | MISC, MISC

binatoneglobal -- halo_camera_firmware
Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker.
Published 2021-11-12 | CVSS 5 | CVE-2021-3792 | CONFIRM

binatoneglobal -- halo_camera_firmware
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.
Published 2021-11-12 | CVSS 5.8 | CVE-2021-3577 | CONFIRM

binatoneglobal -- halo_camera_firmware
An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware.
Published 2021-11-12 | CVSS 5

binatoneglobal -- halo_camera_firmware
A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services.
Published 2021-11-12 | CVSS 4.6 | CVE-2021-3787 | CONFIRM

binatoneglobal -- halo_camera_firmware
An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device.
Published 2021-11-12 | CVSS 4.6

broadcom -- emulex_hba_manager
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In non-secure mode, the user is unauthenticated.
Published 2021-11-12 | CVSS 6.4 | MISC, CONFIRM

broadcom -- emulex_hba_manager
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated.
Published 2021-11-12 | CVSS 5 | CVE-2021-42773 | MISC, CONFIRM

busybox -- busybox
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
Published 2021-11-15 | CVSS 6.8 | CVE-2021-42377 | N/A

busybox -- busybox
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk
Published 2021-11-15 | CVSS 6.5 | CVE-2021-42378 | N/A

vulnerability. This vulnerability is triggered when upgrading from previous versions.
MISC

busybox -- busybox
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function.
Published 2021-11-15 | CVSS 6.5 | CVE-2021-42379 | N/A

busybox -- busybox
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function.
Published 2021-11-15 | CVSS 6.5 | CVE-2021-42380 | N/A

busybox -- busybox
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function.
Published 2021-11-15 | CVSS 6.5 | CVE-2021-42381 | N/A

busybox -- busybox
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function.
Published 2021-11-15 | CVSS 6.5 | CVE-2021-42382 | N/A

busybox -- busybox
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function.
Published 2021-11-15 | CVSS 6.5 | CVE-2021-42384 | N/A

busybox -- busybox
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function.
Published 2021-11-15 | CVSS 6.5 | CVE-2021-42383 | N/A

busybox -- busybox
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function.
Published 2021-11-15 | CVSS 6.5 | CVE-2021-42385 | N/A

busybox -- busybox
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function.
Published 2021-11-15 | CVSS 6.5 | CVE-2021-42386 | N/A

cacti -- cacti
Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.
Published 2021-11-14 | CVSS 4.3 | CVE-2020-14424 | CONFIRM, CONFIRM

calibre-web_project -- calibre-web
In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application.
Published 2021-11-16 | CVSS 6.8 | CVE-2021-25965 | MISC, MISC

clustering_project -- clustering
Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
Published 2021-11-12 | CVSS 5 | CVE-2021-43496 | MISC

opencv-rest-api_project -- opencv-rest-api
OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
Published 2021-11-12 | CVSS 5
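The AlquistManager entries earlier in this section (CVE-2021-43495, CVE-2021-43492), the Clustering entry (CVE-2021-43496) and the OpenCV-REST-API entry immediately above all describe the same bug class: a user-supplied file name joined onto a base directory without checking that the result stays inside it. The Python below is an added illustration of the vulnerable join beside a contained one, not code from any of those projects; the directory tree and the request str
ings are constructed.

```python
import posixpath
import tempfile
from pathlib import Path


def naive_join(base_dir: str, user_path: str) -> str:
    """The vulnerable pattern: join and normalise, but never check that the
    result is still under base_dir. '..' segments climb straight out."""
    return posixpath.normpath(posixpath.join(base_dir, user_path))


def is_within(base: Path, candidate: Path) -> bool:
    """True if candidate is base itself or lies below it (both already resolved)."""
    try:
        candidate.relative_to(base)
    except ValueError:
        return False
    return True


def resolve_user_path(base_dir: str, user_path: str) -> Path:
    """Map an untrusted relative name to a file under base_dir, or raise.

    Absolute input is refused outright (joining it would discard base_dir
    entirely). Both sides are then resolved, which collapses '..' and follows
    symlinks, and containment is checked on the resolved paths so a symlink
    planted inside the tree cannot point outside it either.
    """
    if not user_path or user_path.startswith(("/", "\\")) or Path(user_path).is_absolute():
        raise PermissionError(f"absolute path refused: {user_path!r}")
    base = Path(base_dir).resolve()
    target = (base / user_path).resolve()
    if not is_within(base, target):
        raise PermissionError(f"path escapes base directory: {user_path!r}")
    return target


def demo() -> dict:
    """Constructed tree in a temp dir; returns 'allowed'/'blocked' per request."""
    base = tempfile.mkdtemp()
    (Path(base) / "models").mkdir()
    (Path(base) / "models" / "intent.yml").write_text("intent: greet\n")
    requests = (
        "models/intent.yml",            # legitimate
        "models/../models/intent.yml",  # '..' that stays inside: fine
        "../../../etc/passwd",          # classic traversal
        "/etc/passwd",                  # absolute path
        "models/../../x",               # climbs one level above base
    )
    out = {}
    for req in requests:
        try:
            resolve_user_path(base, req)
            out[req] = "allowed"
        except PermissionError:
            out[req] = "blocked"
    return out


if __name__ == "__main__":
    print("naive:", naive_join("/srv/app/data", "../../../etc/passwd"))
    for req, verdict in demo().items():
        print(f"{verdict:8} {req}")
```

Checking containment after `resolve()` rather than by string-prefix on the raw join is what closes the symlink and `..` cases; a prefix test on the unresolved string is the usual half-fix.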
cron-utils_project -- cron-utils
cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions a template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note, that only projects using the @Cron annotation to validate untrusted Cron expressions are affected. The issue was patched and a new version was released. Please upgrade to version 9.1.6. There are no known workarounds.
Published 2021-11-15 | CVSS 6.8 | MISC, CONFIRM, MISC

darwin -- factor
In Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the "search" parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies.
Published 2021-11-16 | CVSS 4.3 | CVE-2021-25982 | MISC, MISC

darwin -- factor
In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the "tags" and "category" parameters in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies.
Published 2021-11-16 | CVSS 4.3 | CVE-2021-25983 | MISC, MISC

darwin -- factor
In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting (XSS) at the "post reply" section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies.
Published 2021-11-16 | CVSS 4.3 | CVE-2021-25984 | MISC, MISC

dell -- emc_powerscale_onefs
Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing
Published 2021-11-12 | CVSS 5 | CVE-2021-21528
dell -- emc_powerscale_onefs
Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB.
CVSS 4 | CVE-2021-36305 | MISC

discourse -- discourse
Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.
Published 2021-11-15 | CVSS 5 | CVE-2021-41271 | CONFIRM, MISC

discourse -- rails_multisite
rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using 'rails_multisite' alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application. The issue has been patched in v4 of the 'rails_multisite' gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture.
Published 2021-11-15 | CVSS 6 | CVE-2021-41263 | MISC, CONFIRM

django-helpdesk_project -- django-helpdesk
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Published 2021-11-13 | CVSS 4.3 | CVE-2021-3945 | MISC, CONFIRM

dotnetfoundation -- piranha_cms
In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known.
Published 2021-11-16 | CVSS 4 | CVE-2021-25976 | CONFIRM, MISC

email_log_project -- email_log
The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections.
CVE-2021-24758 | MISC

firefly-iii -- firefly_iii
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF).
Published 2021-11-13 | CVSS 4.3 | CVE-2021-3921 | CONFIRM, MISC

fruity_project -- fruity
An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::from_ptr on a pointer to the string buffer, the string is terminated at the first '\0' byte, which might not be the end of the string.
CVSS 5 | CVE-2021-43620 | MISC, MISC, MISC

gesundheit-bewegt -- colorful_categories
The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack.
Published 2021-11-17 | CVSS 4.3 | CVE-2021-24802 | MISC

gmplib -- gmp
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
CVE-2021-43618 | MISC, MISC, MISC

gnu -- mailman
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
Published 2021-11-12 | CVSS 4.3 | CVE-2021-43331 | MISC, CONFIRM

gnu -- mailman
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.
Published 2021-11-12 | CVSS 4 | CVE-2021-43332 | MISC, CONFIRM

google -- android
In mdlactl driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05673424; Issue ID: ALPS05673424.
Published 2021-11-18 | CVSS 4.6 | CVE-2021-0655 | MISC

google -- android
In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05709376; Issue ID: ALPS05709376.
Published 2021-11-18 | CVSS 4.6 | CVE-2021-0656 | MISC

google -- android
In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672103; Issue ID: ALPS05672103.
Published 2021-11-18 | CVSS 4.6 | CVE-2021-0657 | MISC

google -- android
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107.
Published 2021-11-18 | CVSS 4.6 | CVE-2021-0658 | MISC

google -- android
In ccu, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827158; Issue ID: ALPS05827158.
Published 2021-11-18 | CVE-2021-0664 | MISC

google -- android
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670581; Issue ID: ALPS05670581.
Published 2021-11-18 | CVE-2021-0667 | MISC

grafana -- grafana
Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users' roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.
Published 2021-11-15 | CVSS 6.5 | CVE-2021-41244 | MISC

intel -- iris_xe_max_dedicated_graphics
Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access.
Published 2021-11-17 | CVE-2021-0121 | MISC

ibm -- security_guardium_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 212782.
Published 2021-11-15 | CVSS 4.3 | CVE-2021-38977 | CONFIRM, XF

ibm -- security_guardium_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212788.
CVE-2021-38983

ibm -- security_guardium_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792.
CVSS 5

ibm -- security_guardium_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 212783.
Published 2021-11-15 | CVSS 4.3
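Three entries in this bulletin are response-header weaknesses: session cookies issued without the Secure attribute (CVE-2021-38977 above), a missing Strict-Transport-Security header (the entry immediately above), and cookies without HttpOnly (the IBM Security SiteProtector entry further down). The Python below is an added check for all three over a captured response, not IBM code; the sample responses are constructed, and the 180-day minimum max-age is an assumed policy threshold.

```python
import re

HSTS_MIN_AGE = 15552000  # 180 days; assumed policy threshold for this check


def parse_set_cookie(header_value: str) -> dict:
    """Split 'name=value; Attr; Attr=val' into name, value and lower-cased attrs."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def check_cookie(header_value: str) -> list:
    """Findings for one Set-Cookie header: missing Secure and/or HttpOnly."""
    cookie = parse_set_cookie(header_value)
    findings = []
    if "secure" not in cookie["attrs"]:
        findings.append(f"cookie {cookie['name']}: missing Secure; browser will send it over http://")
    if "httponly" not in cookie["attrs"]:
        findings.append(f"cookie {cookie['name']}: missing HttpOnly; readable by injected script")
    return findings


def check_hsts(value) -> list:
    """Findings for the Strict-Transport-Security header (None if absent)."""
    if value is None:
        return ["missing Strict-Transport-Security header"]
    match = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    if not match:
        return ["Strict-Transport-Security present but has no max-age"]
    age = int(match.group(1))
    if age == 0:
        return ["Strict-Transport-Security max-age=0 disables HSTS"]
    findings = []
    if age < HSTS_MIN_AGE:
        findings.append(f"Strict-Transport-Security max-age {age} below {HSTS_MIN_AGE}")
    if "includesubdomains" not in value.lower():
        findings.append("Strict-Transport-Security without includeSubDomains")
    return findings


def audit_response(headers: list) -> list:
    """headers: list of (name, value) pairs as received, so every repeated
    Set-Cookie header is inspected. Returns a list of finding strings."""
    findings = []
    hsts = None
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            findings.extend(check_cookie(value))
        elif lname == "strict-transport-security":
            hsts = value
    findings.extend(check_hsts(hsts))
    return findings


# Constructed sample responses (not captured from any real product).
WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "JSESSIONID=1A2B3C; Path=/"),
]
HARDENED_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "JSESSIONID=1A2B3C; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]

if __name__ == "__main__":
    for finding in audit_response(WEAK_RESPONSE):
        print("WEAK:", finding)
    print("HARDENED:", audit_response(HARDENED_RESPONSE) or "no findings")
```

The headers are taken as a list of pairs rather than a dict on purpose: a dict silently keeps only one Set-Cookie, which is exactly how a second, unflagged session cookie slips past a scan.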
ibm -- security_guardium_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785.
Published 2021-11-15 | CVSS 5 | CONFIRM
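The entry above describes password hashing without a salt. The Python below is an added illustration, not IBM code, of what a salt changes for an attacker who obtains the hash table: an unsalted table reveals which accounts share a password and falls to a single precomputed table, while a salted, iterated KDF forces separate work per user. The accounts, passwords and wordlist are constructed, and the iteration count is kept low so the demonstration runs quickly.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 10_000  # demo value only; production PBKDF2-HMAC-SHA256 needs far more


def unsalted_hash(password: str) -> str:
    """The weakness: a bare hash of the password. Identical passwords give
    identical digests, and one precomputed table attacks every user at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> tuple:
    """Per-user random salt plus a slow KDF. Returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify(password: str, salt: bytes, digest: bytes, iterations: int = ITERATIONS) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def duplicate_password_groups(unsalted_store: dict) -> list:
    """What an attacker learns from an unsalted table before cracking
    anything: which accounts share a password."""
    by_hash = {}
    for user, digest in unsalted_store.items():
        by_hash.setdefault(digest, []).append(user)
    return [sorted(users) for users in by_hash.values() if len(users) > 1]


def crack_unsalted(unsalted_store: dict, wordlist) -> tuple:
    """One hash per candidate word, looked up against every user at once.
    Work is len(wordlist), independent of the number of users."""
    table = {unsalted_hash(word): word for word in wordlist}
    cracked = {user: table[digest] for user, digest in unsalted_store.items() if digest in table}
    return cracked, len(wordlist)


def crack_salted(salted_store: dict, wordlist, iterations: int = ITERATIONS) -> tuple:
    """With per-user salts every (user, word) pair needs its own derivation:
    work grows with users x wordlist, and the KDF cost multiplies it again."""
    cracked, work = {}, 0
    for user, (salt, digest) in salted_store.items():
        for word in wordlist:
            work += 1
            if verify(word, salt, digest, iterations):
                cracked[user] = word
                break
    return cracked, work


# Constructed accounts for the demonstration.
WORDLIST = ["password", "letmein", "winter2021", "qwerty"]
UNSALTED_STORE = {
    "alice": unsalted_hash("winter2021"),
    "bob": unsalted_hash("winter2021"),
    "carol": unsalted_hash("Tr0ub4dor&3-correct-horse"),
}
SALTED_STORE = {
    "alice": salted_hash("winter2021"),
    "bob": salted_hash("winter2021"),
    "carol": salted_hash("Tr0ub4dor&3-correct-horse"),
}

if __name__ == "__main__":
    print("shared passwords visible:", duplicate_password_groups(UNSALTED_STORE))
    print("unsalted crack:", crack_unsalted(UNSALTED_STORE, WORDLIST))
    print("salted crack:  ", crack_salted(SALTED_STORE, WORDLIST))
```

The salt does not need to be secret; its job is to make every stored digest unique so that precomputation and cross-user comparison stop working, while the iteration count sets the per-guess cost.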
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives 
ibm -- input or data, but it does not validate or incorrectly validates that 2024-11-12 4 A 
security_guardium_key_lifecycle_mattagerput has the properties that are required to process the data = CONFIRM 
safely and correctly. = 
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives 
ibm -- input or data, but it does not validate or incorrectly validates that 2024-11-12 4 ee 
security_guardium_key_lifecycle_mattagerput has the properties that are required to process the data = xF 
Jiao and correctly. Em 
ibm- IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could CVE-2021-38974 
sacuritvuauardilin: Key: lteaveleam allow an authenticated user to cause a denial of service using 2021-11-15 4 CONFIRM 
y_g —Key_lecycle_marsdélally crafted HTTP requests. IBM X-Force ID: 212779. XE 
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives 
ibm -- input or data, but it does not validate or incorrectly validates that 2021-11-12 4 aa 
security_guardium_key_lifecycle_mattagerput has the properties that are required to process the data 5 CONFIRM 
Been, and correctly. a eee 
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could 
ibm -- allow a remote attacker to obtain sensitive information when a CVE-2021-38981 
security auardium. kev litacvele madgiailed technical error message is returned in the browser. This 2021-11-15 5 XF 
y_g Key_iltecycle_mai#grmnation could be used in further attacks against the system. CONFIRM 
ibm -- security_guardium_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793.
Published: 2021-11-15 | CVSS Score: 5 | Source: CONFIRM

ibm -- security_guardium_key_lifecycle_manager
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780.
Published: 2021-11-15 | CVSS Score: 4 | CVE-2021-38975 | Source: XF, CONFIRM

ibm -- security_siteprotector_system
IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129.
Published: 2021-11-12 | CVSS Score: 5

icms
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.
CVSS Score: 5.8 | CVE-2020-21141 | Source: MISC

insert_pages_project -- insert_pages
The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (ie private), using a shortcode. Password protected posts/pages are not affected by such issue.
Published: 2021-11-17 | CVSS Score: 4 | CVE-2021-24851 | Source: CONFIRM, MISC

intel
Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.
CVE-2021-0078 | Source: MISC

intel -- ax210_firmware
Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
Published: 2021-11-17 | CVSS Score: 5.8 | CVE-2021-0071 | Source: MISC

intel -- ax210_firmware
Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2021-0063 | Source: MISC

intel -- ax210_firmware
Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score: 4.6 | CVE-2021-0064 | Source: MISC

intel -- ax210_firmware
Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score: 4.6 | CVE-2021-0065 | Source: MISC

intel -- ax210_firmware
Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2021-0079 | Source: MISC

intel -- endpoint_management_assistant
Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable denial of service via network access.
Published: 2021-11-17 | CVSS Score: 5 | CVE-2021-0013 | Source: MISC

intel -- nuc7i3dn_firmware
Improper authentication in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: 2021-11-17 | CVSS Score: 4.6 | CVE-2021-0096 | Source: MISC

intel -- nuc_hdmi_firmware_update_tool
Improper access control in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: 2021-11-17 | CVSS Score: 4.6 | CVE-2021-33089 | Source: MISC

intel -- nuc_m15_laptop_kit_lapbc510_firmware
Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access.
Published: 2021-11-17 | CVSS Score: 4.9 | CVE-2021-33086 | Source: MISC

intel -- nuc_m15_laptop_kit_management_engine_driver_pack
Improper authentication in the installer for the Intel(R) NUC M15 Laptop Kit Management Engine driver pack before version … may allow an authenticated user to potentially enable denial of service via local access.
Published: 2021-11-17 | CVSS Score: 4.9 | CVE-2021-33087 | Source: MISC

intel -- safestring_library
Integer overflow in the Safestring library maintained by Intel(R) may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: 2021-11-17 | CVSS Score: 4.6 | CVE-2021-33106 | Source: MISC

intel -- thunderbolt_non-dch_driver
Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score: 4.8 | CVE-2020-8741 | Source: MISC

jenkins -- owasp_dependency-check
Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Published: 2021-11-12 | CVSS Score: 5.5 | CVE-2021-43577 | Source: CONFIRM, MLIST
jenkins -- performance
Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score: 4 | CVE-2021-21701 | Source: CONFIRM, MLIST, MISC

jenkins -- pom2config
Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
CVSS Score: 4.3 | CVE-2021-43576 | Source: CONFIRM, MLIST, MISC

jenkins -- squash_tm_publisher
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.
Published: 2021-11-12 | CVSS Score: 5.5 | CVE-2021-43578 | Source: CONFIRM, MLIST

lenovo -- antilles
A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi.
Published: 2021-11-12 | CVSS Score: 6.8 | CVE-2021-3840 | Source: CONFIRM

lenovo
A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.
Published: 2021-11-12 | CVSS Score: 6.9

linphone -- belle-sip
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via " \ " in the display name of a From header.
Published: 2021-11-12 | CVSS Score: 5 | CVE-2021-43611 | Source: MISC, MISC

linphone -- belle-sip
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-2021-33056.
Published: 2021-11-12 | CVSS Score: 5 | Source: MISC

linux -- linux_kernel
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
Published: 2021-11-17 | CVSS Score: 4.6 | Source: MISC, MISC

llhttp -- llhttp
The parser in llhttp accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
Published: 2021-11-15 | CVSS Score: 6.4 | CVE-2021-22959 | Source: MISC

min -- minio_console
Minio console is a graphical user interface for the MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are affected and are advised to update to 0.12.3 or newer. Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside the pod, then disable the external identity provider authentication by unsetting the CONSOLE_IDP_URL, CONSOLE_IDP_CLIENT_ID, CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variables and instead use the Kubernetes service account token.
Published: 2021-11-15 | CVSS Score: 6.8 | CVE-2021-41266 | Source: MISC, CONFIRM

montala -- resourcespace
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim's browser.
CVSS Score: 4.3 | CVE-2021-41951 | Source: MISC

montala -- resourcespace
A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users.
Published: 2021-11-15 | CVSS Score: 6.4 | Source: MISC

mousewheel_smooth_scroll_project -- mousewheel_smooth_scroll
The MouseWheel Smooth Scroll WordPress plugin before 5.7 does not have CSRF check in place on its settings page, which could allow attackers to make a logged in admin change them via a CSRF attack.
Published: 2021-11-17 | CVSS Score: 4.3 | CVE-2021-24852 | Source: MISC
my_tickets_project -- my_tickets
The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.
Published: 2021-11-17 | CVE-2021-24796 | Source: MISC

nextcloud -- talk
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Talk application is upgraded to patched versions 10.0.7, 10.1.4, 11.1.2, 11.2.0 or 12.0.0. As a workaround, use a browser that has support for Content-Security-Policy.
Published: 2021-11-15 | CVE-2021-39222 | Source: CONFIRM, MISC, MISC

ni -- ni_service_locator
There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.
Published: 2021-11-12 | CVE-2021-42563 | Source: MISC

ohmyz -- ohmyzsh
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command.
Published: 2021-11-12 | CVE-2021-3934 | Source: CONFIRM, MISC

opendesign -- drawings_sdk
An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Published: 2021-11-14 | CVE-2021-43273 | Source: MISC, MISC, MISC

opendesign -- drawings_software_development_kit
An Out-of-bounds Read vulnerability exists in the OBJ file reading procedure in Open Design Alliance Drawings SDK before 2022.11. The lack of validating the input length can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Published: 2021-11-14 | CVE-2021-43278 | Source: MISC

opendesign -- drawings_software_development_kit
A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.
Published: 2021-11-14 | CVE-2021-43275 | Source: MISC

opendesign -- drawings_software_development_kit
A Use After Free vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Published: 2021-11-14 | CVE-2021-43274 | Source: MISC

opendesign -- drawings_software_development_kit
A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Published: 2021-11-14 | CVE-2021-43280 | Source: MISC

opendesign -- drawings_software_development_kit
An Out-of-Bounds Write vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Published: 2021-11-14 | CVE-2021-43336 | Source: MISC

opendesign -- drawings_software_development_kit
An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Published: 2021-11-14 | CVE-2021-43390 | Source: MISC

opendesign -- drawings_software_development_kit
An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Published: 2021-11-14 | CVE-2021-43391 | Source: MISC
opendesign -- oda_prc_software_development_kit
An out-of-bounds read vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Published: 2021-11-14 | CVSS Score: 6.8 | CVE-2021-43277 | Source: MISC

opendesign -- oda_prc_software_development_kit
An out-of-bounds write vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Published: 2021-11-14 | CVSS Score: 6.8 | CVE-2021-43279 | Source: MISC

opendesign -- oda_viewer
An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA Viewer before 2022.8. Crafted data in a DWF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Published: 2021-11-14 | CVSS Score: 6.8 | CVE-2021-43276 | Source: MISC

optical_character_recognition_project -- optical_character_recognition
A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c.
Published: 2021-11-17 | CVSS Score: 6.8 | Source: MISC

optical_character_recognition_project -- optical_character_recognition
A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c.
Published: 2021-11-17 | CVSS Score: 6.8 | Source: MISC

optical_character_recognition_project -- optical_character_recognition
A use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c.
Published: 2021-11-17 | CVSS Score: 4.3 | CVE-2021-33480 | Source: MISC, MISC, MISC

orckestra -- c1_cms
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14740.
Published: 2021-11-15 | CVSS Score: 6.5 | Source: MISC, MISC

osisoft -- pi_vision
PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property.
Published: 2021-11-17 | CVSS Score: 4

preview_e-mails_for_woocommerce_project -- preview_e-mails_for_woocommerce
The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the search_order parameter found in the ~/views/form.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.6.8.
Published: 2021-11-19 | CVSS Score: 4.3 | Source: MISC, MISC

qnap -- qmailagent
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later.
Published: 2021-11-13 | CVSS Score: 4.3 | CVE-2021-34357 | Source: MISC

qr_redirector_project -- qr_redirector
The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as subscriber, to change the redirect response status code of arbitrary QR Redirects.
Published: 2021-11-17 | CVSS Score: 4.3

qualcomm -- apq8009_firmware
Possible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.
CVE-2021-30284 | Source: CONFIRM

qualcomm -- apq8009_firmware
Possible use after free due to improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.
Published: 2021-11-12 | CVSS Score: 4.6 | CVE-2021-30264 | Source: CONFIRM

qualcomm -- apq8009_firmware
Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking.
Published: 2021-11-12 | CVSS Score: 4.6 | CVE-2021-30266 | Source: CONFIRM
qualcomm -- apq8017_firmware
Possible buffer over read due to improper IE size check of Bearer capability IE in MT setup request from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile.
Published: 2021-11-12 | CVSS Score: 6.4 | CVE-2021-1981 | Source: CONFIRM

qualcomm -- apq8053_firmware
Possible memory corruption due to improper validation of memory address while processing user-space IOCTL for clearing Filter and Route statistics in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.
CVSS Score: 4.6 | CVE-2021-30265 | Source: CONFIRM

qualcomm -- aqt1000_firmware
Possible memory corruption due to improper handling of hypervisor unmap operations for concurrent memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile.
Published: 2021-11-12 | CVSS Score: 6.9 | CVE-2021-1921 | Source: CONFIRM

qualcomm -- aqt1000_firmware
Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking.
Published: 2021-11-12 | CVSS Score: 5 | CVE-2021-1903 | Source: CONFIRM

qualcomm -- aqt1000_firmware
Possible race condition can occur due to lack of synchronization mechanism when On-Device Logging node is opened twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music.
Published: 2021-11-12 | CVSS Score: 4.4 | CVE-2021-30263 | Source: CONFIRM

qualcomm -- ar8035_firmware
Possible denial of service scenario due to improper input validation of received NAS OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile.
CVE-2021-1982 | Source: CONFIRM

ruijie -- rg-uac_6000-e50_firmware
Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting (XSS) vulnerability via the rule_name parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Published: 2021-11-16 | CVSS Score: 4.3 | CVE-2020-21639 | Source: MISC

ruijie -- rg-uac_firmware
Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors.
CVSS Score: 5 | CVE-2020-21627 | Source: MISC

schedmd -- slurm
SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access.
Published: 2021-11-17 | CVSS Score: 4 | CVE-2021-43337 | Source: MISC, MISC, CONFIRM, CONFIRM

servermanagement_project -- servermanagement
ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code.
Published: 2021-11-12 | CVSS Score: 5 | CVE-2021-43493 | Source: MISC

showdoc -- showdoc
showdoc is vulnerable to Cross-Site Request Forgery (CSRF).
Published: 2021-11-13 | CVSS Score: 5.8 | CVE-2021-3775 | Source: MISC, CONFIRM

showdoc -- showdoc
showdoc is vulnerable to Cross-Site Request Forgery (CSRF).
Published: 2021-11-13 | CVSS Score: 5.8 | CVE-2021-3776 | Source: MISC, CONFIRM

showdoc -- showdoc
showdoc is vulnerable to Cross-Site Request Forgery (CSRF).
Published: 2021-11-13 | CVSS Score: 4.3 | CVE-2021-3683 | Source: CONFIRM, MISC

simple_jwt_login_project -- simple_jwt_login
The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged in admin change them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site takeover.
Published: 2021-11-17 | CVSS Score: 6.8 | CVE-2021-24804 | Source: MISC

smartertools -- smartermail
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.
Published: 2021-11-17 | CVSS Score: 4.3 | CVE-2021-43977 | Source: MISC, MISC

snipeitapp -- snipe-it
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF).
Published: 2021-11-13 | CVSS Score: 4.3 | CVE-2021-3931 | Source: CONFIRM, MISC

talariax -- sendquick_alert_plus_server_admin
A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to
Source: MISC
vice -- webopac
Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further perform reflective XSS attacks.
CVSS Score: 4.3 | CVE-2021-42838 | Source: MISC

webfactoryltd -- wp_reset_pro
Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover.
CVSS Score: 5.5 | CVE-2021-36909 | Source: MISC, CONFIRM, MISC

webfactoryltd -- wp_reset_pro
Cross-Site Request Forgery (CSRF) vulnerability leading to Database Reset in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows attackers to trick authenticated users into making an unintentional database reset.
Published: 2021-11-18 | CVSS Score: 6.8 | CVE-2021-36908 | Source: CONFIRM, CONFIRM, CONFIRM

wordpress_popular_posts_project -- wordpress_popular_posts
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.
Published: 2021-11-17 | CVSS Score: 6.5 | Source: MISC, MISC, MISC, MISC

The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading to an SQL injection when the redirection plugin is also installed.
Published: 2021-11-17 | CVSS Score: 6.5

wp_performance_score_booster_project -- wp_performance_score_booster
The WP Performance Score Booster WordPress plugin before 2.1 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
Published: 2021-11-17 | CVSS Score: 4.3 | CVE-2021-24776 | Source: MISC

stream
The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue.
Published: 2021-11-17 | CVSS Score: 6.5 | Source: CONFIRM

yop-poll -- yop_poll
The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of custom label parameters - vote button label, results link label and back to vote caption label.
Published: 2021-11-17 | CVSS Score: 4.3 | Source: CONFIRM, MISC

zoho -- manageengine_remote_access_plus
Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more.
Published: 2021-11-17 | CVSS Score: 6.5 | CVE-2021-42956 | Source: MISC

zohocorp -- manageengine_remote_access_plus
Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc.
Published: 2021-11-17 | CVSS Score: 4.6 | CVE-2021-42954 | Source: MISC
Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
amd -- epyc_7003_firmware
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests.
Published: 2021-11-16 | CVSS Score: 2.1 | CVE-2021-26337 | Source: MISC

amd -- epyc_7003_firmware
A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.
Published: 2021-11-16 | CVSS Score: 2.1 | CVE-2020-12954 | Source: MISC

amd -- epyc_7003_firmware
AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.
Published: 2021-11-16 | CVE-2021-26330 | Source: MISC

amd -- epyc_7003_firmware
Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality.
Published: 2021-11-16 | CVSS Score: 2.1 | CVE-2021-26327
Insufficient input validation in the SNP_GUEST_REQUEST CVE-2021-26325 
amd -- epyc_7232p_firmware command may lead to a potential data abort error and a denial of || 2021-11-16 2l Msc 
service. a 
amd -- [product illegible] | PSP protection against improperly configured side channels may lead to potential information disclosure. This issue affects: AMD 1st Gen AMD EPYC™ versions prior to NaplesPI-SP3_1.0.0.G. AMD 2nd Gen AMD EPYC™ versions prior to RomePI-SP3_1.0.0.C. AMD 3rd Gen AMD EPYC™ versions prior to MilanPI-SP3_1.0.0.4. | 2021-11-16 | 2.1 | CVE-2021-26312 MISC
amd -- epyc_7601_firmware | AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources. | 2021-11-16 | 2.1 | CVE-2021-26329 MISC
amd -- epyc_7601_firmware | Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP. | 2021-11-16 | 2.1 | CVE-2021-26320 MISC
amd -- radeon_software | Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass. | 2021-11-15 | 2.1 | CVE-2020-12897 MISC
amd -- radeon_software | Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure. | 2021-11-15 | [illegible] | CVE-2020-12901 MISC
amd -- radeon_software | Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure. | 2021-11-15 | 2.1 | CVE-2020-12904 MISC
amd -- radeon_software | Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure. | 2021-11-15 | 2.1 | CVE-2020-12905 MISC
amd -- radeon_software | A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck. | 2021-11-15 | 2.1 | CVE-2020-12920 MISC
amd -- radeon_software | Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service. | 2021-11-15 | 3.6 | CVE-2020-12894 MISC
amd -- radeon_software | AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS). | 2021-11-15 | 2.1 | CVE-2020-12960 MISC
amd -- radeon_software | Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service. | 2021-11-15 | 3.6 | CVE-2020-12899 MISC
asus -- p453uj_bios | ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user's permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causes a failure of integrity verification and further results in a failure to boot. | 2021-11-15 | 3.6 | [CVE id illegible] MISC
binatoneglobal -- halo_camera_firmware | An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages. | 2021-11-12 | 2.1 | CVE-2021-3789 CONFIRM
binatoneglobal -- halo_camera_firmware | A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device. | 2021-11-12 | 3.3 | CVE-2021-3790 CONFIRM
binatoneglobal -- halo_camera_firmware | An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password. | 2021-11-12 | 3.3 | [CVE id and source illegible]
bluez -- bluez | BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash. | 2021-11-12 | [illegible] | CVE-2021-41229 CONFIRM
bookstackapp -- bookstack | bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type | 2021-11-13 | 3.5 | CVE-2021-3915 MISC CONFIRM
brainstormforce -- starter_templates | On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page. | 2021-11-17 | [illegible] | CVE-2021-42360 MISC
busybox -- busybox | A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given | 2021-11-15 | [illegible] | CVE-2021-42373 N/A
busybox -- busybox | An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. | 2021-11-15 | [illegible] | CVE-2021-42375 N/A
busybox -- busybox | A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. | 2021-11-15 | [illegible] | CVE-2021-42376 N/A
busybox -- busybox | An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that | 2021-11-15 | [illegible] | CVE-2021-42374 N/A
ckeditor -- ckeditor | CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0. | 2021-11-17 | [illegible] | CVE-2021-41164 CONFIRM MISC CONFIRM
codepeople -- contact_form_email | The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the ~/trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.3.24. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | 2021-11-17 | [illegible] | CVE-2021-42361 MISC MISC
fortinet -- fortios | An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and the network interface list. | 2021-11-17 | [illegible] | CVE-2021-32600 CONFIRM
getkirby -- kirby | Kirby is an open source file structured CMS. In affected versions Kirby's blocks field stores structured data for each block. This data is then used in block snippets to convert the blocks to HTML for use in your templates. We recommend to escape HTML special characters to protect against cross-site scripting (XSS) attacks. The default snippet for the image block unfortunately did not use our escaping helper. This made it possible to include malicious HTML code in the source, alt and link fields of the image block, which would then be displayed on the site frontend and executed in the browsers of site visitors and logged in users who are browsing the site. Attackers must be in your group of authenticated Panel users in order to exploit this weakness. Users who do not make use of the blocks field are not affected. This issue has been patched in Kirby version 3.5.8 by escaping special HTML characters in the output from the default image block snippet. Please update to this or a later version to fix the vulnerability. | 2021-11-16 | [illegible] | CVE-2021-41258 MISC CONFIRM MISC
getkirby -- kirby | Kirby is an open source file structured CMS. Impact: Kirby's writer field stores its formatted content as HTML code. Unlike with other field types, it is not possible to escape HTML special characters against cross-site scripting (XSS) attacks, otherwise the formatting would be lost. If the user is logged in to the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. Because the writer field did not securely sanitize its contents on save, it was possible to inject malicious HTML code into the content file by sending it to Kirby's API directly without using the Panel. This malicious HTML code would then be displayed on the site frontend and executed in the browsers of site visitors and logged in users who are browsing the site. Attackers must be in your group of authenticated Panel users in order to exploit this weakness. Users who do not make use of the writer field are not affected. This issue has been patched in Kirby 3.5.8 by sanitizing all writer field contents on the backend whenever the content is modified via Kirby's API. Please update to this or a later version to fix the vulnerability. | 2021-11-16 | [illegible] | CVE-2021-41252 CONFIRM MISC MISC
google -- android | In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594988; Issue ID: ALPS05594988. | 2021-11-18 | [illegible] | CVE-2021-0624 MISC
google -- android | In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05969704; Issue ID: ALPS05969704. | 2021-11-18 | [illegible] | CVE-2021-0672 MISC
google -- android | In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672086; Issue ID: ALPS05672086. | 2021-11-18 | [illegible] | CVE-2021-0666 MISC
google -- android | In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672113; Issue ID: ALPS05672113. | 2021-11-18 | [illegible] | CVE-2021-0665 MISC
google -- android | In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687559; Issue ID: ALPS05687559. | 2021-11-18 | [illegible] | CVE-2021-0659 MISC
google -- android | In ape extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561395; Issue ID: ALPS05561395. | 2021-11-18 | [illegible] | CVE-2021-0619 MISC
google -- android | In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561381. | 2021-11-18 | [illegible] | CVE-2021-0620 MISC
google -- android | In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561383. | 2021-11-18 | [illegible] | CVE-2021-0621 MISC
google -- android | In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561388. | 2021-11-18 | [illegible] | CVE-2021-0622 MISC
google -- android | In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05585817. | 2021-11-18 | [illegible] | CVE-2021-0623 MISC
helpful_project -- helpful | The Helpful WordPress plugin before 4.4.59 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2021-11-17 | [illegible] | CVE-2021-24841 MISC MISC
hitachienergy -- counterparty_settlements_and_billing | Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions. | 2021-11-17 | 3.6 | CVE-2021-35528 CONFIRM CONFIRM
ibm -- mq | IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403. | 2021-11-16 | 2.1 | CVE-2021-38949 CONFIRM XF
ibm -- security_guardium_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212791. | 2021-11-15 | 3.5 | CVE-2021-38982 XF CONFIRM
ibm -- security_guardium_key_lifecycle_manager | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 212781. | 2021-11-15 | [illegible] | CVE-2021-38976 XF CONFIRM
ibm -- security_siteprotector_system | IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052. | 2021-11-12 | 3.5 | CVE-2020-4140 XF CONFIRM
ibm -- spectrum_scale | IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164. | 2021-11-16 | 2.1 | CVE-2021-38882 CONFIRM XF
ibm -- spss_statistics | IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28.0 could allow a local user to cause a denial of service by writing arbitrary files to admin protected directories on the system. IBM X-Force ID: 212046. | 2021-11-17 | 2.1 | [CVE id illegible] CONFIRM
ibm -- vios | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084. | 2021-11-17 | 2.1 | CVE-2021-29860 CONFIRM XF
ibm -- vios | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085. | 2021-11-17 | 2.1 | CVE-2021-29861 XF CONFIRM
[vendor illegible] -- insert_pages | The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields. | 2021-11-17 | 3.5 | [CVE id and source illegible]
intel -- ax210_firmware | Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2021-11-17 | 3.3 | CVE-2021-0069 MISC
intel -- ax210_firmware | Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow a privileged user to potentially enable denial of service via local access. | 2021-11-17 | 2.1 | CVE-2021-0075 MISC
intel -- ax210_firmware | Improper initialization in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an authenticated user to potentially enable information disclosure via adjacent access. | 2021-11-17 | [illegible] | CVE-2021-0053 MISC
intel -- thunderbolt_dch_driver | Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH Drivers before version 1.41.1054.0 may allow unauthenticated user to potentially enable denial of service via local access. | 2021-11-17 | 2.1 | CVE-2021-0110 MISC
jenkins -- active_choices | Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 2021-11-12 | 3.5 | CVE-2021-21699 CONFIRM MLIST
jenkins -- scriptler | Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Scriptler scripts. | 2021-11-12 | 3.5 | [CVE id illegible] MLIST
lenovo -- legion_phone_pro_(l79031)_firmware | An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data. | 2021-11-12 | 2.1 | CVE-2021-3720 CONFIRM
linux -- linux_kernel | In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). | [date illegible] | 2.1 | CVE-2021-43976 MISC
osisoft -- pi_vision | A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim's user permissions. | [date illegible] | 3.5 | CVE-2021-43551 MISC
qr_redirector_project -- qr_redirector | The QR Redirector WordPress plugin before 1.6.1 does not sanitise and escape some of the QR Redirect fields, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. | 2021-11-17 | 3.5 | CVE-2021-24854 MISC
qualcomm -- apq8009_firmware | Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2021-11-12 | 2.1 | CVE-2021-1924 CONFIRM
snipeitapp -- snipe-it | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2021-11-13 | 3.5 | [CVE id illegible] CONFIRM
tammersoft -- shared_files | The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2021-11-17 | 3.5 | CVE-2021-24856 MISC MISC
webventures -- client_invoicing_by_sprout_invoices | The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2021-11-17 | 3.5 | CVE-2021-24787 MISC
wibu -- codemeter_runtime | In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions. | 2021-11-14 | 2.6 | [CVE id illegible] CONFIRM MISC
[vendor/product illegible] | The Accept Donations with PayPal WordPress plugin before 1.3.2 does not escape the Amount Menu Name field of created Buttons, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2021-11-17 | 3.5 | [CVE id and source illegible]
wpshopmart -- testimonial_builder | The Testimonial WordPress plugin before 1.6.0 does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfiltered_html capability is disallowed | 2021-11-17 | 3.5 | [CVE id illegible] CONFIRM
yop-poll -- yop_poll | The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of question and answer text parameters in Create Poll module. | 2021-11-17 | 3.5 | CVE-2021-24833 MISC MISC CONFIRM
Severity Not Yet Assigned 
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
4mosan -- [product illegible] | 4MOSAn GCB Doctor's login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files. | 2021-11-19 | not yet calculated | [CVE id and source illegible]
adobe -- audition | Adobe Audition version 14.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-11-19 | not yet calculated | CVE-2021-36003 MISC
adobe -- creative_cloud | Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker could leverage this vulnerability to achieve denial of service in the context of the user. User interaction is required before product installation to abuse this vulnerability. | 2021-11-18 | not yet calculated | CVE-2021-43017 MISC
amazon -- freertos | Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU platforms does not prevent non-kernel code from calling the xPortRaisePrivilege and vPortResetPrivilege internal functions. This is fixed in 10.4.6 and in 10.4.3-LTS Patch 2. | 2021-11-17 | not yet calculated | CVE-2021-43997 MISC MISC
asus -- multiple_products | A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request. | 2021-11-19 | not yet calculated | CVE-2021-41435 MISC MISC MISC MISC MISC MISC MISC MISC MISC
asus -- multiple_products | An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet. | 2021-11-19 | not yet calculated | CVE-2021-41436 MISC MISC MISC MISC MISC MISC MISC MISC MISC
beyondtrust -- [product illegible] | [product name illegible] Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. | 2021-11-19 | not yet calculated | [CVE id illegible] MISC
cisco -- common_services_platform_collector | A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by adding malicious code to the configuration by using the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. | 2021-11-19 | not yet calculated | [CVE id and source illegible]
cisco -- common_services_platform_collector | A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC. | 2021-11-19 | not yet calculated | CVE-2021-40130 CISCO
cisco -- common_services_platform_collector | A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database. | 2021-11-19 | not yet calculated | [CVE id and source illegible]
ckeditor4 -- ckeditor4 | CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0. | 2021-11-17 | not yet calculated | CVE-2021-41165 MISC CONFIRM CONFIRM
concrete -- cms | Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable to a. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network apps and b. SSRF Mitigation Bypass through DNS Rebinding. Concrete CMS security team gave this a CVSS score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N. Concrete CMS is maintaining Concrete version 8.5.x until 1 May 2022 for security fixes. This CVE is shared with HackerOne Reports https://hackerone.com/reports/1364797 and https://hackerone.com/reports/1360016. Reporters: Adrian Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/) and Bipul Jaiswal | 2021-11-19 | not yet calculated | CVE-2021-22970 MISC MISC MISC
concrete -- cms | Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys. To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS. Discoverer: Adrian Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/). The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N. Please note that Cloud IAAS provider mis-configurations are not Concrete CMS vulnerabilities. A mitigation for this vulnerability is to make sure that the IMDS configurations are according to a cloud provider's best practices. This fix is also in Concrete version 9.0.0 | 2021-11-19 | not yet calculated | CVE-2021-22969 MISC MISC
concrete -- cms | A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it's possible to stall the uploads and brute force the directory name. You have to be an admin with the ability to upload files, but this bug gives you the ability to upload restricted file types and execute them depending on server configuration. To fix this, a check for allowed file extensions was added before downloading files to a tmp directory. Concrete CMS Security Team gave this a CVSS v3.1 score of 5.4 AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N. This fix is also in Concrete version 9.0.0 | 2021-11-19 | not yet calculated | CVE-2021-22968 MISC MISC
concrete -- cms | In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation. To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit message". Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. Credit for discovery Adrian H | 2021-11-19 | not yet calculated | CVE-2021-22967 MISC MISC
concrete -- cms 


Privilege escalation from Editor to Admin using Groups in
Concrete CMS versions 8.5.6 and below. If a group is granted
"view" permissions on the bulkupdate page, then users in that
group can escalate to being an administrator with a specially
crafted curl request. Fixed by adding a check for group permissions
before allowing a group to be moved. Concrete CMS Security team
CVSS scoring: 7.1 (AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). Credit
for discovery: Adrian Tiron from FORTBRIDGE
(https://www.fortbridge.co.uk/). This fix is also in Concrete version
9.0.0.


2021-11-19 


not yet 
calculated 


CVE-2021-22966 
MISC 
MISC 








concretecms -- concretecms 


Unauthorized individuals could view password protected files
using view_inline in Concrete CMS (previously concrete5) prior to
version 8.5.7. Concrete CMS now checks to see if a file has a
password in view_inline and, if it does, the file is not rendered. For
version 8.5.6, the following mitigations were put in place: (a)
restricting file types for view_inline to images only; (b) putting a
warning in the file manager to advise users. Credit for discovery:
Solar Security Research Team. Concrete CMS security team
CVSS scoring is 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). This
fix is also in Concrete version 9.0.0.


2021-11-19 


not yet 
calculated 


CVE-2021-22951
MISC 
MISC 








dell -- bios 











Dell BIOS contains an improper input validation vulnerability. A 
local authenticated malicious user may potentially exploit this 
vulnerability by using an SMI to gain arbitrary code execution in 
SMRAM. 








2021-11-12 





not yet 
calculated 








CVE-2021-36323 
MISC 
dell -- bios

Dell BIOS contains an improper input validation vulnerability. A
local authenticated malicious user may potentially exploit this
vulnerability by using an SMI to gain arbitrary code execution in
SMRAM.

2021-11-12

not yet calculated

CVE-2021-36324
MISC


dell -- emc_scg

Dell EMC SCG 5.00.00.10 and earlier contain a sensitive
information disclosure vulnerability. A local malicious user may
exploit this vulnerability to read sensitive information and use it.

2021-11-20

not yet calculated

[CVE ID illegible in source]
MISC


dell -- emc_smartfabric

Networking OS10, versions prior to October 2021 with
RESTCONF API enabled, contains a privilege escalation
vulnerability. A malicious low privileged user with specific access
to the API could potentially exploit this vulnerability to gain admin
privileges on the affected system.

2021-11-20

not yet calculated

[CVE ID illegible in source]


dell -- emc_smartfabric

Networking OS10, versions prior to October 2021 with Smart
Fabric Services enabled, contains an authentication bypass
vulnerability. A remote unauthenticated attacker could exploit this
vulnerability to gain access and perform actions on the affected
system.

2021-11-20

not yet calculated

[CVE ID illegible in source]


dell -- emc_smartfabric

Networking OS10, versions prior to October 2021 with
RESTCONF API enabled, contains an authentication bypass
vulnerability. A remote unauthenticated attacker could exploit this
vulnerability to gain access and perform actions on the affected
system.

2021-11-20

not yet calculated

[CVE ID illegible in source]


dell -- networking

Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x and
10.5.2.x, contain an uncontrolled resource consumption flaw in its
API service. A high-privileged API user may potentially exploit this
vulnerability, leading to a denial of service.

2021-11-20

not yet calculated

CVE-2021-36310
MISC


dell -- networking

Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x
contain an information exposure vulnerability. A low privileged
authenticated malicious user can gain access to SNMP
authentication failure messages.

2021-11-20

not yet calculated

CVE-2021-36319
MISC


dell -- networking_x-series

Dell Networking X-Series firmware versions prior to 3.0.1.8
contain an authentication bypass vulnerability. A remote
unauthenticated attacker may potentially hijack a session and
access the webserver by forging the session ID.

2021-11-20

not yet calculated

CVE-2021-36320
MISC


dell -- networking_x-series

Dell Networking X-Series firmware versions prior to 3.0.1.8
contain an improper input validation vulnerability. A remote
unauthenticated attacker may potentially exploit this vulnerability
by sending specially crafted data to trigger a denial of service.

2021-11-20

not yet calculated

CVE-2021-36321
MISC


dell -- networking_x-series

Dell Networking X-Series firmware versions prior to 3.0.1.8
contain a host header injection vulnerability. A remote
unauthenticated attacker may potentially exploit this vulnerability
by injecting arbitrary host header values to poison the web cache
or trigger redirections.

2021-11-20

not yet calculated

[CVE ID illegible in source]


distribution -- [product cell illegible in source] (OCI Distribution Spec)

The OCI Distribution Spec project defines an API protocol to
facilitate and standardize the distribution of content. In the OCI
Distribution Specification version 1.0.0 and prior, the Content-Type
header alone was used to determine the type of document during
push and pull operations. Documents that contain both "manifests"
and "layers" fields could be interpreted as either a manifest or an
index in the absence of an accompanying Content-Type header. If
a Content-Type header changed between two pulls of the same
digest, a client may interpret the resulting content differently. The
OCI Distribution Specification has been updated to require that a
mediaType value present in a manifest or index match the
Content-Type header used during the push and pull operations.
Clients pulling from a registry may distrust the Content-Type
header and reject an ambiguous document that contains both
"manifests" and "layers" fields or "manifests" and "config" fields if
they are unable to update to version 1.0.1 of the spec.

2021-11-17

not yet calculated

CVE-2021-41190
CONFIRM
MISC
MLIST
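A client-side check that implements the updated rule, written as an added example for this bulletin rather than code from the OCI project or any registry client: it classifies a document by its fields, refuses one that carries both index-only and manifest-only fields, and requires the embedded mediaType and the Content-Type header (when present) to agree with that classification. The media type strings are the OCI image-spec ones; the sample documents and digests are constructed.

```python
import json

# OCI media types (from the image spec). A production client adds the
# Docker schema-2 equivalents to the same table.
INDEX = "application/vnd.oci.image.index.v1+json"
MANIFEST = "application/vnd.oci.image.manifest.v1+json"


class RejectedDocument(ValueError):
    """The document cannot be interpreted unambiguously."""


def structural_type(doc):
    """Decide index vs. manifest from the fields alone, rejecting a
    document that carries both index-only and manifest-only fields (the
    ambiguity the advisory describes)."""
    looks_index = "manifests" in doc
    looks_manifest = "layers" in doc or "config" in doc
    if looks_index and looks_manifest:
        raise RejectedDocument("document has both index and manifest fields")
    if looks_index:
        return INDEX
    if looks_manifest:
        return MANIFEST
    raise RejectedDocument("document is neither an index nor a manifest")


def interpret(body, content_type=None):
    """Return the media type the document will be processed as.

    Applies the 1.0.1 rule (an embedded mediaType must match the
    Content-Type header) and, for documents that omit mediaType, insists
    that the structure and the header agree. The registry's Content-Type
    header is never trusted on its own."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise RejectedDocument("top-level JSON value is not an object")
    structural = structural_type(doc)
    declared = doc.get("mediaType")
    header = content_type.split(";", 1)[0].strip().lower() if content_type else None
    if declared is not None and declared != structural:
        raise RejectedDocument(
            f"mediaType {declared} contradicts document structure {structural}")
    if header is not None and header != structural:
        raise RejectedDocument(
            f"Content-Type {header} contradicts document structure {structural}")
    return structural


def verdict(body, content_type=None):
    """Media type string, or 'rejected: <reason>'."""
    try:
        return interpret(body, content_type)
    except (RejectedDocument, ValueError) as exc:
        return f"rejected: {exc}"


# Constructed sample documents (digests are placeholders, not real blobs).
_DIGEST_A = "sha256:" + "a" * 64
_DIGEST_B = "sha256:" + "b" * 64

GOOD_MANIFEST = json.dumps({
    "schemaVersion": 2,
    "mediaType": MANIFEST,
    "config": {"mediaType": "application/vnd.oci.image.config.v1+json",
               "digest": _DIGEST_A, "size": 7023},
    "layers": [{"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
                "digest": _DIGEST_B, "size": 32654}],
})

# No mediaType field, and both "manifests" and "layers": under 1.0.0 the
# registry's Content-Type header alone decided how a client read this.
AMBIGUOUS = json.dumps({
    "schemaVersion": 2,
    "manifests": [{"mediaType": MANIFEST, "digest": _DIGEST_A, "size": 1}],
    "layers": [{"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
                "digest": _DIGEST_B, "size": 32654}],
})

if __name__ == "__main__":
    print(verdict(GOOD_MANIFEST, MANIFEST))
    print(verdict(GOOD_MANIFEST, INDEX))      # header disagrees: rejected
    print(verdict(AMBIGUOUS, INDEX))          # ambiguous: rejected
    print(verdict(AMBIGUOUS, MANIFEST))       # still rejected
```

Digest pinning does not help with this class of problem: the advisory's two pulls return identical bytes under the same digest, and only the header differs, so the check has to be on the document's own structure. A registry applies the same rule on push, which is what the 1.0.1 text requires.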
django -- helpdesk

django-helpdesk is vulnerable to Improper Neutralization of Input
During Web Page Generation ('Cross-site Scripting').

2021-11-19

not yet calculated

CVE-2021-3950
MISC
CONFIRM


edgex -- edgex


Functions SDK for EdgeX is meant to provide all the plumbing
necessary for developers to get started in
processing/transforming/exporting data out of the EdgeX IoT
platform. In affected versions, broken encryption in the
app-functions-sdk "AES" transform in EdgeX Foundry releases prior
to Jakarta allows attackers to decrypt messages via unspecified
vectors. The app-functions-sdk exports an "aes" transform that
user scripts can optionally call to encrypt data in the processing
pipeline. No decrypt function is provided. Encryption is not enabled
by default, but if used, the level of protection may be less than the
user expects due to a broken implementation. Version v2.1.0
(EdgeX Foundry Jakarta release and later) of app-functions-sdk-go/v2
deprecates the "aes" transform and provides an improved
"aes256" transform in its place. The broken implementation will
remain in a deprecated state until it is removed in the next EdgeX
major release to avoid breakage of existing software that depends
on the broken implementation. As the broken transform is a library
function that is not invoked by default, users who do not use the
AES transform in their processing pipelines are unaffected. Those
that are affected are urged to upgrade to the Jakarta EdgeX
release and modify processing pipelines to use the new "aes256"
transform.


2021-11-19 


not yet 
calculated 


CVE-2021-41278 
MISC 
CONFIRM 








elastic -- kibana 


It was discovered that Kibana’s JIRA connector & IBM Resilient 
connector could be used to return HTTP response data on internal 
hosts, which may be intentionally hidden from public view. Using 
this vulnerability, a malicious user with the ability to create 
connectors, could utilize these connectors to view limited HTTP 
response data on hosts accessible to the cluster. 


2021-11-18 


not yet 
calculated 


CVE-2021-37939 
MISC 








elastic -- kibana 


It was discovered that on Windows operating systems specifically, 
Kibana was not validating a user supplied path, which would load 
.pbf files. Because of this, a malicious user could arbitrarily 
traverse the Kibana host to load internal files ending in the .pbf 
extension. Thanks to Dominic Couture for finding this vulnerability. 


2021-11-18 


not yet 
calculated 


CVE-2021-37938 
MISC 








gallagher -- command_centre 


Improper certificate validation vulnerability in SMTP Client allows
man-in-the-middle attack to retrieve sensitive information from the
Command Centre Server. This issue affects: Gallagher Command
Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior
to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4);
version 8.20 and prior versions.


2021-11-18 


not yet 
calculated 


CVE-2021-23167 
MISC 








gallagher -- command_centre 


An Incomplete Comparison with Missing Factors vulnerability in 
the Gallagher Controller allows an attacker to bypass PIV 
verification. This issue affects: Gallagher Command Centre 8.40 
versions prior to 8.40.1888 (MR3); 8.30 versions prior to 
8.30.1454 (MR3); 8.20 versions prior to 8.20.1291 (MR5); 8.10 
versions prior to 8.10.1284 (MR7); version 8.00 and prior versions. 


2021-11-18 


not yet 
calculated 


CVE-2021-23146 
MISC 








gallagher -- 
command_centre_mobile_client 


Improper validation of the cloud certificate chain in Mobile Client 
allows man-in-the-middle attack to impersonate the legitimate 
Command Centre Server. This issue affects: Gallagher Command 
Centre Mobile Client for Android 8.60 versions prior to 8.60.065; 
version 8.50 and prior versions. 


2021-11-18 


not yet 
calculated 


CVE-2021-23155 
MISC 








gallagher -- 
command_centre_mobile_connect 


Improper validation of the cloud certificate chain in Mobile 
Connect allows man-in-the-middle attack to impersonate the 
legitimate Command Centre Server. This issue affects: Gallagher 
Command Centre Mobile Connect for Android 15 versions prior to 
15.04.040; version 14 and prior versions. 


2021-11-18 


not yet 
calculated 


CVE-2021-23162
MISC 








gallagher -- 
command_centre_server 


Improper privilege validation vulnerability in COM Interface of
Gallagher Command Centre Server allows authenticated
unprivileged operators to retrieve sensitive information from the
Command Centre Server. This issue affects: Gallagher Command
Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions
prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4);
8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior
versions.


2021-11-18 


not yet 
calculated 


CVE-2021-23193 
MISC 








gallagher -- 
command_centre_server 


Unquoted service path vulnerability in the Gallagher Controller
Service allows an unprivileged user to execute arbitrary code as
the account that runs the Controller Service. This issue affects:
Gallagher Command Centre 8.50 versions prior to 8.50.2048
(MR3).


2021-11-18 


not yet 
calculated 


CVE-2021-23197 
MISC 








gcc -- gcc 


GCC c++filt v2.26 was discovered to contain a use-after-free 
vulnerability via the component cplus-dem.c. 


2021-11-18 


not yet 
calculated 


CVE-2021-37322 
MISC 








gerbv -- gerbv 











An out-of-bounds write vulnerability exists in the drill format T-
code tool number functionality of Gerbv 2.7.0, dev (commit
b5f1eacd), and the forked version of Gerbv (commit 71493260). A
specially-crafted drill file can lead to code execution. An attacker
can provide a malicious file to trigger this vulnerability.








2021-11-19 





not yet 
calculated 








CVE-2021-40391 
MISC 
getgrav -- getgrav


grav-plugin-admin is vulnerable to Improper Neutralization of Input 
During Web Page Generation ('Cross-site Scripting’) 


2021-11-19 


not yet 
calculated 





CVE-2021-3920 
MISC 
CONFIRM 








go-ethereum -- go-ethereum 


Go-Ethereum 1.10.9 nodes crash (denial of service) after
receiving a series of messages and cannot be recovered. They
crash with "runtime error: invalid memory address or nil pointer
dereference" and raise a SEGV signal.


2021-11-18 


not yet 
calculated 


CVE-2021-43668 
MISC 








greenplum -- greenplum 


In versions of Greenplum database prior to 5.28.14 and 6.17.0,
execution of certain statements led to the storage of sensitive
(credential) information in the logs of the database. A malicious
user with access to the logs can read sensitive (credential)
information about users.


2021-11-19 


not yet 
calculated 


CVE-2021-22030 
MISC 








greenplum -- greenplum 


In versions of Greenplum database prior to 5.28.6 and 6.14.0,
Greenplum database contains a file path traversal vulnerability
leading to information disclosure from the file system. A malicious
user can read/write information from the file system using this
vulnerability.


2021-11-19 


not yet 
calculated 


CVE-2021-22028 
MISC 








hitachi -- energy_relion_products 


Insecure Boot Image vulnerability in Hitachi Energy Relion
670/650/SAM600-IO series. An attacker who manages to get
access to the front network port and can cause reboot sequences
of the device may exploit a tiny time gap during the boot process
in which an older version of VxWorks is loaded prior to the
application firmware booting: a vulnerability in that older version
of VxWorks can be exploited to cause a denial of service on the
product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2
all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion
670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi
Energy Relion 670/650/SAM600-IO 2.2.1 all revisions.


2021-11-18 


not yet 
calculated 


CVE-2021-35535 
CONFIRM 








hitachi -- energy_relion_products 


Insufficient security control vulnerability in the internal database
access mechanism of Hitachi Energy Relion 670/650/SAM600-IO,
Relion 650, GMS600 and PWC600. The product does not
sufficiently restrict access to internal database tables, so anybody
with user credentials can bypass security controls that are
enforced by the product. Consequently, exploitation may lead to
unauthorized modifications of data/firmware and/or to permanently
disabling the product. This issue affects: Hitachi Energy Relion 670
Series 2.0 all revisions; 2.2.2 all revisions; 2.2.3 versions prior to
2.2.3.5. Hitachi Energy Relion 670/650 Series 2.1 all revisions;
2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion
670/650/SAM600-IO 2.2.1 all revisions; 2.2.5 versions prior to
2.2.5.2. Hitachi Energy Relion 650 1.0 all revisions; 1.1 all
revisions; 1.2 all revisions; 1.3 versions prior to 1.3.0.8. Hitachi
Energy GMS600 1.3.0; 1.3.0.1; 1.2.0. Hitachi Energy PWC600
1.0.1 version 1.0.1.4 and prior versions; 1.1.0 version 1.1.0.1 and
prior versions.


2021-11-18 


not yet 
calculated 


CVE-2021-35534 
CONFIRM 
CONFIRM 
CONFIRM 








hyperledger -- fabric 


A vulnerability has been detected in Hyperledger Fabric v1.4.0,
v2.0.0 and v2.1.0. This bug can be leveraged by constructing a
message whose payload is nil and sending this message with the
method 'forwardToLeader'. This bug has been acknowledged and
fixed by the developers of Fabric. If leveraged, any leader node
will crash.


2021-11-18 


not yet 
calculated 


CVE-2021-43667 
MISC 
MISC 








hyperledger -- fabric 


A vulnerability has been detected in Hyperledger Fabric v1.4.0,
v2.0.0, v2.0.1 and v2.3.0. It can be used to bring down as many
orderers as the attacker wants. This bug can be leveraged by
constructing a message whose header is invalid to the interface
Order. This bug has been acknowledged and fixed by the
developers of Fabric.


2021-11-18 


not yet 
calculated 


CVE-2021-43669 
MISC 
MISC 








imagemagick -- imagemagick 


A flaw was found in ImageMagick 7.1.0-14 where it did not 
properly sanitize certain input before using it to invoke convert 
processes. This flaw allows an attacker to create a specially 
crafted image that leads to a use-after-free vulnerability when 
processed by ImageMagick. The highest threat from this 
vulnerability is to confidentiality, integrity, as well as system 
availability. 


2021-11-19 


not yet 
calculated 


CVE-2021-3962 
MISC 








intel -- administrative_tools_for_intel_network_adapters


Improper access control in the installer for the Intel(R)
Administrative Tools for Intel(R) Network Adapters for Windows
before version [illegible in source] may allow an unauthenticated
user to potentially enable escalation of privilege via local access.


2021-11-17 


not yet 
calculated 


CVE-2021-33058 
MISC 








intel -- administrative_tools_for_intel_network_adapters


Improper input validation in the Intel(R) Administrative Tools for
Intel(R) Network Adapters driver for Windows before version
[illegible in source] may allow a privileged user to potentially
enable escalation of privilege via local access.








2021-11-17 





not yet 
calculated 








CVE-2021-33059 
MISC 
intel -- distribution_of_openvino_toolkit

Uncontrolled resource consumption in the Intel(R) Distribution of
OpenVINO(TM) Toolkit before version 2021.4 may allow an
unauthenticated user to potentially enable denial of service via
local access.

2021-11-17

not yet calculated

CVE-2021-33073
MISC


intel -- ethernet

Improper input validation in the Intel(R) Ethernet ixgbe driver for
Linux before version 3.17.3 may allow an authenticated user to
potentially enable denial of service via local access.

2021-11-17

not yet calculated

[CVE ID illegible in source]


intel -- ethernet_700_series_controllers

Out-of-bounds write in the firmware for Intel(R) Ethernet 700
Series Controllers before version 8.2 may allow a privileged user
to potentially enable an escalation of privilege via local access.

2021-11-17

not yet calculated

[CVE ID illegible in source]


intel -- ethernet_diagnostic_driver

Improper input validation in the Intel(R) Ethernet Diagnostic Driver
for Windows before version 1.4.0.10 may allow a privileged user
to potentially enable escalation of privilege via local access.

2021-11-17

not yet calculated

[CVE ID illegible in source]


intel -- ethernet_network_controllers

Protection mechanism failure in the firmware for the Intel(R)
Ethernet Network Controller E810 before version 1.5.5.6 may
allow a privileged user to enable a denial of service via local
access.

2021-11-17

not yet calculated

CVE-2021-0197
MISC


intel -- ethernet_network_controllers

Improper input validation in the firmware for the Intel(R) Ethernet
Network Controller E810 before version 1.6.0.6 may allow a
privileged user to potentially enable a denial of service via local
access.

2021-11-17

not yet calculated

CVE-2021-0199
MISC


intel -- ethernet_network_controllers

Improper access control in the firmware for the Intel(R) Ethernet
Network Controller E810 before version 1.5.5.6 may allow a
privileged user to potentially enable a denial of service via local
access.

2021-11-17

not yet calculated

CVE-2021-0198
MISC


intel -- graphics_dch_drivers

Improper initialization in the installer for some Intel(R) Graphics
DCH Drivers for Windows 10 before version 27.20.100.9316 may
allow an authenticated user to potentially enable denial of service
via local access.

2021-11-17

not yet calculated

CVE-2021-0120
MISC


intel -- haxm_software

Uncontrolled resource consumption in the Intel(R) HAXM software
before version 7.6.6 may allow an unauthenticated user to
potentially enable privilege escalation via local access.

2021-11-17

not yet calculated

[CVE ID illegible in source]


intel -- haxm_software

Uncontrolled resource consumption in the Intel(R) HAXM software
before version 7.6.6 may allow an unauthenticated user to
potentially enable information disclosure via local access.

2021-11-17

not yet calculated

[CVE ID illegible in source]


intel -- oneapi_rendering_toolkit

Incorrect default permissions in the installer for the Intel(R)
oneAPI Rendering Toolkit before version 2021.2 may allow an
authenticated user to potentially enable escalation of privilege via
local access.

2021-11-17

not yet calculated

CVE-2021-33071
MISC


intel -- processors

Improper input validation in the BIOS firmware for some Intel(R)
Processors may allow a privileged user to potentially enable
escalation of privilege via local access.

2021-11-17

not yet calculated

[CVE ID illegible in source]


intel -- processors

Insufficient control flow management in the BIOS firmware for
some Intel(R) Processors may allow a privileged user to
potentially enable escalation of privilege via local access.

2021-11-17

not yet calculated

[CVE ID illegible in source]


intel -- processors

Hardware allows activation of test or debug logic at runtime for
some Intel(R) processors which may allow an unauthenticated
user to potentially enable escalation of privilege via physical
access.

2021-11-17

not yet calculated

CVE-2021-0146
MISC


intel -- processors

Improper input validation in the Intel(R) SGX SDK applications
compiled for SGX2 enabled processors may allow a privileged
user to potentially enable escalation of privilege via local access.

2021-11-17

not yet calculated

[CVE ID illegible in source]


intel -- proset/wireless_wifi

Uncontrolled search path in the software installer for Intel(R)
PROSet/Wireless WiFi in Windows 10 may allow an authenticated
user to potentially enable escalation of privilege via local access.

2021-11-17

not yet calculated

CVE-2021-0082
MISC


intel -- realsense_d400_series_uwp_driver

Uncontrolled search path in the Intel(R) RealSense(TM) D400
Series UWP driver for Windows 10 before version 6.1.160.22 may
allow an authenticated user to potentially enable escalation of
privilege via local access.

2021-11-17

not yet calculated

CVE-2021-33063
MISC


intel -- serial_io_driver

Improper access control in the software installer for the Intel(R)
Serial IO driver for Intel(R) NUC 11 Gen before version
30.100.2104.1 may allow an authenticated user to potentially
enable escalation of privilege via local access.

2021-11-17

not yet calculated

CVE-2021-33118
MISC


intel -- sgx

Time-of-check time-of-use vulnerability in the Crypto API Toolkit
for Intel(R) SGX may allow a privileged user to potentially enable
escalation of privilege via network access.

2021-11-17

not yet calculated

CVE-2021-33097
MISC


intel -- ssd_dc

Insertion of information into log file in firmware for some Intel(R)
SSD DC may allow a privileged user to potentially enable
information disclosure via local access.

2021-11-17

not yet calculated

[CVE ID illegible in source]











https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2fd6a45

11/23/21, 9:32 AM

Vulnerability Summary for the Week of November 15, 2021

intel -- vtune_profiler

Incorrect default permissions in the software installer for the
Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an
authenticated user to potentially enable escalation of privilege via
local access.

2021-11-17

not yet calculated

CVE-2021-33062
MISC


intel -- wireless_bluetooth_and_killer_bluetooth_products

Improper access control in the installer for some Intel(R) Wireless
Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10
may allow an authenticated user to potentially enable escalation of
privilege via local access.

2021-11-17

not yet calculated

CVE-2021-0151
MISC


intel -- wireless_bluetooth_and_killer_bluetooth_products

Improper verification of cryptographic signature in the installer for
some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R)
products in Windows 10 may allow an authenticated user to
potentially enable denial of service via local access.

2021-11-17

not yet calculated

CVE-2021-0152
MISC


ionic -- identity_vault

In Ionic Identity Vault before 5.0.5, the protection mechanism for
invalid unlock attempts can be bypassed.

2021-11-19

not yet calculated

[CVE ID illegible in source]
FULLDISC


kimai2 -- kimai2

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF).

2021-11-19

not yet calculated

CVE-2021-3957
MISC
CONFIRM


kimai2 -- kimai2

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF).

2021-11-19

not yet calculated

CVE-2021-3963
CONFIRM
MISC


kimai2 -- kimai2

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF).

2021-11-19

not yet calculated

CVE-2021-3976
MISC
CONFIRM


librecad -- librecad

A code execution vulnerability exists in the dxfRW::processLType()
functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A
specially-crafted .dxf file can lead to a use-after-free vulnerability.
An attacker can provide a malicious file to trigger this vulnerability.

2021-11-19

not yet calculated

CVE-2021-21900
MISC


librecad -- librecad

A code execution vulnerability exists in the
dwgCompressor::copyCompBytes21 functionality of LibreCad
libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can
lead to a heap buffer overflow. An attacker can provide a
malicious file to trigger this vulnerability.

2021-11-19

not yet calculated

[CVE ID illegible in source]


librecad -- librecad

A code execution vulnerability exists in the
dwgCompressor::decompress18() functionality of LibreCad
libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can
lead to an out-of-bounds write. An attacker can provide a
malicious file to trigger this vulnerability.

2021-11-19

not yet calculated

[CVE ID illegible in source]


metabase -- metabase

Metabase is an open source data analytics platform. In affected
versions a security issue has been discovered with the custom
GeoJSON map ('admin->settings->maps->custom maps->add a
map') support and potential local file inclusion (including
environment variables). URLs were not validated prior to being
loaded. This issue is fixed in a new maintenance release (0.40.5
and 1.40.5), and any subsequent release after that. If you're
unable to upgrade immediately, you can mitigate this by including
rules in your reverse proxy or load balancer or WAF to provide a
validation filter before the application.

2021-11-17

not yet calculated

CVE-2021-41277
MISC
CONFIRM


microsoft -- clarity

There is a Cross-Site Scripting vulnerability in Microsoft Clarity
version 0.3. The XSS payload executes whenever the user
changes the Clarity configuration in Microsoft Clarity version 0.3.
The payload is stored on the configuring project Id page.

2021-11-19

not yet calculated

CVE-2021-33850
MISC


myscada -- mydesigner

mySCADA myDESIGNER versions 8.20.0 and prior fail to
properly validate the contents of an imported project file, which
may make the product vulnerable to a path traversal payload. This
vulnerability may allow an attacker to plant files on the file system
in arbitrary locations or overwrite existing files, resulting in remote
code execution.

2021-11-19

not yet calculated

CVE-2021-43555
MISC
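The mySCADA myDESIGNER entry above (a project file that plants files at arbitrary locations) and the Kibana entry earlier on this page (a user-supplied path to a .pbf file that traverses the host) are the same defect seen from two sides: a name taken from untrusted input is joined to a directory without checking that the result stays inside it. The Python below is an added example for this bulletin, not code from either product; the base directory and the member list are constructed. It also shows why a suffix allowlist such as ".pbf" is not a containment check: the traversal entries below would pass one.

```python
import posixpath
import re

# Matches a Windows drive prefix ("C:") or a UNC/network root ("//server")
# after backslashes have been folded to forward slashes.
_DRIVE_OR_UNC = re.compile(r"^(?:[A-Za-z]:|//)")


class UnsafePath(ValueError):
    """The member name would place a file outside the import directory."""


def safe_member_path(member, base):
    """Absolute destination for one archive/project member, or UnsafePath.

    `base` is the POSIX-style absolute import directory (an assumption of
    this example). Windows separators are folded first so that '..\\x' is
    caught on any platform; then absolute paths, drive letters, UNC roots,
    NUL bytes and any '..' that climbs above `base` are rejected. The
    handling is purely lexical, so nothing is touched on disk."""
    if "\x00" in member:
        raise UnsafePath(f"NUL byte in member name: {member!r}")
    name = member.replace("\\", "/")
    if name.startswith("/") or _DRIVE_OR_UNC.match(name):
        raise UnsafePath(f"absolute or drive-qualified member: {member!r}")
    norm = posixpath.normpath(name)
    if norm in ("", ".", "..") or norm.startswith("../"):
        raise UnsafePath(f"member escapes or names the base directory: {member!r}")
    dest = posixpath.join(base, norm)
    if posixpath.commonpath([base, dest]) != base:    # belt and braces
        raise UnsafePath(f"member escapes base after normalisation: {member!r}")
    return dest


def plan_import(members, base):
    """Split member names into {name: destination} and {name: reason}."""
    accepted, rejected = {}, {}
    for member in members:
        try:
            accepted[member] = safe_member_path(member, base)
        except UnsafePath as exc:
            rejected[member] = str(exc)
    return accepted, rejected


# Constructed member list resembling an imported project bundle (not taken
# from any real product); the last four entries are traversal attempts.
SAMPLE_MEMBERS = [
    "project.xml",
    "screens/main.scr",
    "assets/../logo.png",
    "..\\..\\..\\Windows\\System32\\drivers\\etc\\hosts",
    "/etc/cron.d/backdoor",
    "C:\\ProgramData\\evil.exe",
    "assets/../../tmp/shell.sh",
]

if __name__ == "__main__":
    ok, bad = plan_import(SAMPLE_MEMBERS, "/srv/projects/import-42")
    for m, d in ok.items():
        print("extract", m, "->", d)
    for m, why in bad.items():
        print("REJECT ", m, ":", why)
```

Once a destination passes, the extractor should still open it with flags that refuse to follow a symlink already present under `base`, since an earlier member of the same bundle could have planted one; the lexical check above cannot see that.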
Applications using both ‘spring-cloud-netflix-hystrix-dashboard” 
and ‘spring-boot-starter-thymeleaf expose a way to execute code 
netflix -- submitted within the request URI path during the resolution of view 
spring_cloud_netflix_hysterix_dashbdandplates. When a request is made at */hystrix/monitor;[user- 2021-11-19 Ri eae e 
provided data]’, the path elements following `hystrix/monitor` are Pe 
being evaluated as SpringEL expressions, which can lead to code 
execution. 
NVIDIA GPU and Tegra hardware contain a vulnerability in the 
A é internal microcontroller which may allow a user with elevated not yet CVE-2021-1105 
nvdia= nydia privileges to access debug registers during runtime, which may 2021-11-20 || calculated |CONFIRM 
lead to information disclosure. 
NVIDIA GPU and Tegra hardware contain a vulnerability in the 
nvdia -- nvdia internal microcontroller which may allow a user with elevated 2021-11-20 not yet ||CVE-2021-1088 
privileges to utilize debug mechanisms with insufficient access calculated |CONFIRM 
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Primary ae A CVSS Source & Patch 
Vendor -- Product Description Published | Score Info 
: : NVIDIA GPU and Tegra hardware contain a vulnerability in the 
nydia nydiá internal microcontroller which may allow a user with elevated 2021-11-20 Ba e os 
privileges to corrupt program data. ——— 
NVIDIA GPU and Tegra hardware contain a vulnerability in the 
Bas internal microcontroller which may allow a user with elevated not yet |CVE-2021-23219 
nvidia — gpu_and_tegra privileges to access protected information, which may lead to 2021-11-20 || calculated CONFIRM 
information disclosure. 
NVIDIA GPU and Tegra hardware contain a vulnerability in the 
internal microcontroller which may allow a user with elevated 
nvidia -- gpu_and_tegra privileges to instantiate a specifically timed DMA write to corrupt 2021-11-20 M a e 
code execution, which may impact confidentiality, integrity, or A 
availability. 
NVIDIA GPU and Tegra hardware contain a vulnerability in the 
nvidia -- gpu_and_tegra internal microcontroller which may allow a user with elevated 2021-11-20 not yet |CVE-2021-34399 
privileges to gain access to information from unscrubbed registers, calculated |CONFIRM 
which may lead to information disclosure. 
nvidia -- gpu_and_tegra
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure.
Published: 2021-11-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-34400 CONFIRM

nvidia -- gpu_and_tegra
NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller which may allow a user with elevated privileges to generate valid microcode. This could lead to information disclosure, data corruption, or denial of service of the device.
Published: 2021-11-20 | CVSS Score: not yet calculated

opensource -- moddable
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_prototype_repeat function at /moddable/xs/sources/xsString.c.
Published: 2021-11-19 | CVSS Score: not yet calculated

opensource -- moddable
OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c.
Published: 2021-11-19 | CVSS Score: not yet calculated

opensource -- moddable
OpenSource Moddable v10.5.0 was discovered to contain a buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c.
Published: 2021-11-19 | CVSS Score: not yet calculated

opensource -- moddable
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer function at /moddable/xs/sources/xsDataView.c.
Published: 2021-11-19 | CVSS Score: not yet calculated

opensource -- moddable
OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-29324 MISC

opensource -- moddable
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c.
CVSS Score: not yet calculated

opensource -- moddable
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c.
Published: 2021-11-19 | CVSS Score: not yet calculated

orocrm -- client_relationship_management
OroCRM is an open source Client Relationship Management (CRM) application. Affected versions were found to suffer from a vulnerability which could allow an attacker to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-39198 CONFIRM

phillips -- mri_1.5t_and_mri_3t
Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-26248 MISC MISC

phillips -- mri_1.5t_and_mri_3t
Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-26262 MISC MISC

phillips -- mri_1.5t_and_mri_3t
Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-42744 MISC MISC

pi -- server
A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker or be provided with false information.
Published: 2021-11-18 | CVSS Score: not yet calculated

prototype_pollution -- prototype_pollution
The package algoliasearch-helper before 3.6.2 is vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.js SearchParameters._parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-23433 MISC MISC MISC
pterodactyl -- pterodactyl
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment token. At no point would any data be exposed to the malicious user; this would simply trigger email spam to an administrative user, or generate a single auto-deployment token unexpectedly. This token is not revealed to the malicious user, it is simply created unexpectedly in the system. This has been addressed in release `1.6.6`. Users may optionally manually apply the fixes released in v1.6.6 to patch their own systems.
Published: 2021-11-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-41273 CONFIRM MISC

pulse_connect_secure -- pulse_connect_secure
A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to cause a denial of service when a malformed request is sent to the device.
Published: 2021-11-19 | CVSS Score: not yet calculated

puppet -- agent
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
Published: 2021-11-18 | CVSS Score: not yet calculated

puppet -- agent_and_puppet_server
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007.
Published: 2021-11-18 | CVSS Score: not yet calculated

puppet -- enterprise
A flaw was discovered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged.
Published: 2021-11-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-27026 MISC

puppet -- enterprise
A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0.
Published: 2021-11-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-27024 MISC

qmailagent -- qmailagent
We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later.
Published: 2021-11-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-34358 CONFIRM

quagga -- quagga
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-44038 MISC MISC

roundcube -- roundcube
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-44026 MISC MISC MISC

roundcube -- roundcube
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-44025 MISC MISC MISC MISC

sas -- sas/intrnet
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: MISC

sharetribe_go -- sharetribe_go
Sharetribe Go is a source available marketplace software. In affected versions operating system command injection is possible on installations of Sharetribe Go that do not have a secret AWS Simple Notification Service (SNS) notification token configured via the `sns_notification_token` configuration parameter. This configuration parameter is unset by default. The vulnerability has been patched in version 10.2.1. Users who are unable to upgrade should set the `sns_notification_token` configuration parameter to a secret value.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-41280 CONFIRM MISC MISC

snapdragon -- qnap
A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.
Published: 2021-11-20 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-38681 CONFIRM

snipe-it -- snipe-it
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Published: 2021-11-19 | CVSS Score: not yet calculated
solidus_auth_devise -- solidus_auth_devise
solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of `solidus_auth_devise` are affected if the `protect_from_forgery` method is both: Executed, whether as a `before_action` callback (the default) or a `prepend_before_action` (option `prepend: true` given), before the `:load_object` hook in `Spree::UserController` (most likely order to find); and configured to use the `:null_session` or `:reset_session` strategies (`:null_session` is the default in case no strategy is given, but a `rails --new` generated skeleton uses `:exception`). Users should promptly update to `solidus_auth_devise` version `2.5.4`. Users unable to update should, if possible, change their strategy to `:exception`. Please see the linked GHSA for more workaround details.
CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-41274 CONFIRM MISC

spree_auth_devise -- spree_auth_devise
spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spree_auth_devise are affected if the protect_from_forgery method is both: Executed, whether as a before_action callback (the default) or a prepend_before_action (option prepend: true given), before the :load_object hook in Spree::UserController (most likely order to find); and configured to use the :null_session or :reset_session strategies (:null_session is the default in case no strategy is given, but a rails --new generated skeleton uses :exception). Users are advised to update their spree_auth_devise gem. For users unable to update it may be possible to change your strategy to :exception. Please see the linked GHSA for more workaround details.
Impact: CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of `spree_auth_devise` are affected if the `protect_from_forgery` method is both: (1) executed, whether as a before_action callback (the default) or a prepend_before_action (option prepend: true given), before the :load_object hook in Spree::UserController (most likely order to find); and (2) configured to use the :null_session or :reset_session strategies (:null_session is the default in case no strategy is given, but a rails --new generated skeleton uses :exception). That means that applications that haven't been configured differently from what is generated with Rails aren't affected. Thanks @waiting-for-dev for reporting and providing a patch.
Patches: Spree 4.3 users should update to spree_auth_devise 4.4.1. Spree 4.2 users should update to spree_auth_devise 4.2.1.
Workarounds: If possible, change your strategy to :exception:

    class ApplicationController < ActionController::Base
      protect_from_forgery with: :exception
    end

Add the following to config/application.rb to at least run the :exception strategy on the affected controller:

    config.after_initialize do
      Spree::UsersController.protect_from_forgery with: :exception
    end

References: https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2
Published: 2021-11-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-41275 MISC CONFIRM

styra -- open_policy_agent_gatekeeper
** DISPUTED ** Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication to finish before processing a request, which might cause inconsistencies between the replicated resources in OPA/Gatekeeper and the resources actually present in the cluster. Inconsistency can later be reflected in a policy bypass. NOTE: the vendor disagrees that this is a vulnerability, because Kubernetes states are only eventually consistent.
Published: 2021-11-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-43979 MISC MISC

suricata -- suricata
Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-37592 MISC CONFIRM CONFIRM

team_password_manager -- team_password_manager
Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-44037 MISC MISC

team_password_manager -- team_password_manager
Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-44036 MISC MISC
vim -- vim
vim is vulnerable to Heap-based Buffer Overflow.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CONFIRM MISC

vim -- vim
vim is vulnerable to Use After Free.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-3974 MISC CONFIRM

vim -- vim
vim is vulnerable to Heap-based Buffer Overflow.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-3973 MISC CONFIRM

wireshark -- wireshark
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: MISC CONFIRM

wireshark -- wireshark
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.
CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-39925 MISC

wireshark -- wireshark
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file.
Published: 2021-11-18 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-39920 MISC MISC CONFIRM

wireshark -- wireshark
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.
CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-39921 CONFIRM

wireshark -- wireshark
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-39922 CONFIRM MISC MISC

wireshark -- wireshark
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-39923 CONFIRM MISC MISC

wireshark -- wireshark
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-39924 MISC CONFIRM MISC

wireshark -- wireshark
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-39926 MISC CONFIRM MISC

wireshark -- wireshark
NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.
CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-39928 MISC

wordpress -- wordpress
The Duplicate Post WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it is also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators; however, the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-43408 MISC MISC

wordpress -- wordpress
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including, 2.1.1.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-39353 MISC MISC

wordpress -- wordpress
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-36884 CONFIRM CONFIRM
wordpress -- wordpress
The "WPO365 | LOGIN" WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. In this case, the XSS payload can be submitted by any anonymous user; the payload then renders and executes when a WordPress administrator authenticates and accesses the WordPress Dashboard. The injected payload can carry out actions on behalf of the administrator including adding other administrative users and changing application settings. This flaw could be exploited to ultimately provide full control of the affected system to the attacker.
Published: 2021-11-19 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-43409 MISC MISC